[dns-operations] DNS trust dependencies for TLDs
Mark Andrews
marka at isc.org
Thu Jun 11 07:41:19 UTC 2009
In message <20090611065119.GA15289 at sources.org>, Stephane Bortzmeyer writes:
> On Thu, Jun 11, 2009 at 12:22:13AM -0500,
> John Kristoff <jtk at cymru.com> wrote
> a message of 53 lines which said:
>
> > There are other dependencies, such as the routing infrastructure.
>
> Probably the biggest one. And, here, even DNSSEC cannot help. I seize
> the opportunity to promote the use of the excellent BGP monitor BGPmon
> <http://www.bgpmon.net/>. With it, you are still 0wNEd but at least
> you know it :-)
DNSSEC will still tell you if you are getting bogus DNS responses.
After that you need application security but knowing if you are
talking to the right end point for some protocols still requires
DNSSEC as the application security depends on the DNS security.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list