[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver
drc at virtualized.org
Tue May 27 13:48:12 UTC 2008
On May 27, 2008, at 5:33 AM, Blacka, David wrote:
> To be clear, what the validating stub needs to cache is validated,
> trusted DNSKEYs (and, if desired, trusted DS RRs), since it is the one
> determining that they are trusted. Otherwise, it would have to build
> the trust chain down from the trust anchor every time.
What would be the advantage of having a caching validated stub
resolver as opposed to having a full validating caching resolver and
using some form of more intelligent IPC to obtain information from
that caching resolver?
> But, keep in mind that this cache isn't anything like as large as a
> normal resolver cache.
I'm confused. Wouldn't it need to do pretty much everything a full
validating caching resolver would need to do?
More information about the dns-operations