[dns-operations] No public calendar for the root signing deployment

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Dec 11 07:41:42 UTC 2009


On Thu, Dec 10, 2009 at 09:30:18AM -0800,
 Sam Norris <Sam at ChangeIP.com> wrote 
 a message of 13 lines which said:

> is there a BCP about this topic we can direct vendors to? 

ICANN SSAC document SAC035
<http://www.icann.org/en/committees/security/sac035.pdf>

DNSSEC Impact on Broadband Routers and Firewalls
<http://download.nominet.org.uk/dnssec-cpe/DNSSEC-CPE-Report.pdf>

RFC 5625 DNS Proxy Implementation Guidelines.

<https://www.dns-oarc.net/oarc/services/replysizetest>

But, again, my experience matches that of Gaurab Raj Upadhaya: the
most important problem is with *configuration*, not with
software. There are not many full-fledged resolvers behind the small
hardwired CPEs. But there are many resolvers (and users) behind
misconfigured firewalls. So we need to reach the firewall managers,
not only the vendors.


