[dns-operations] security-aware stub resolver

Patrik Fältström patrik at frobbit.se
Fri May 23 03:19:35 UTC 2008

On 22 maj 2008, at 23.48, Florian Weimer wrote:

> * Paul Vixie:
>> i think it's important that applications be dnssec aware.  i don't  
>> know the
>> exact signalling used to tell an app that an answer was validated,
> I doubt DNSSEC can be used as a useful security indicator because the
> meaning of a succesful validation will very tremendously from name to
> name (and depend on local configuration as well).

I disagree with you Florian, and agree with Paul. We need any security  
mechanism we have, specifically validation mechanisms. In the DNS  
lookup, in the BGP peering, in the DNS zone transfer, in the  
application that connect a client to a server, ...

The time when we could trust someone "just because we trust each  
other" is over.


More information about the dns-operations mailing list