[dns-operations] DNS trust dependencies for TLDs

Mark Andrews marka at isc.org
Thu Jun 11 07:41:19 UTC 2009

In message <20090611065119.GA15289 at sources.org>, Stephane Bortzmeyer writes:
> On Thu, Jun 11, 2009 at 12:22:13AM -0500,
>  John Kristoff <jtk at cymru.com> wrote 
>  a message of 53 lines which said:
> > There are other dependencies, such as the routing infrastructure.
> Probably the biggest one. And, here, even DNSSEC cannot help. I seize
> the opportunity to promote the use of the excellent BGP monitor BGPmon
> <http://www.bgpmon.net/>. With it, you are still 0wNEd but at least
> you know it :-)

DNSSEC will still tell you if you are getting bogus DNS responses.
After that you need application security but knowing if you are
talking to the right end point for some protocols still requires
DNSSEC as the application security depends on the DNS security.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list