[dns-operations] Announcement: Test Report on DNSSEC impact on SOHO CPE

Ray.Bellis at nominet.org.uk Ray.Bellis at nominet.org.uk
Tue Sep 16 06:16:05 UTC 2008


>    It's not really not that bad.  If one is deploying DNSSEC
>    today behind one of these boxes you will almost certainly
>    have your own caching server and it will work as routed
>    packets passed through ok.  This is the only way you get
>    to specify policy.
> 
>    While there is room for improvement these boxes will not
>    prevent the deployment of DNSSEC. 

That's indeed correct, and the CircleID story paints our results in an 
unnecessarily bad light.

Our report is focussed on the "out of the box" experience, such as might 
be seen when client OSes routinely include security aware stub resolvers.

Ray

-- 
Ray Bellis, MA(Oxon)
Senior Researcher in Advanced Projects, Nominet
e: ray at nominet.org.uk, t: +44 1865 332211



More information about the dns-operations mailing list