[dns-operations] dlv.isc.org "full production" [was: Re: Statement: Issues using BIND 9.4 & 9.5 with DLV and certain DNSSEC-signed zones]

Paul Vixie vixie at isc.org
Sun Mar 22 01:43:22 UTC 2009


> 	well...  i might refer folks to some historical posts from Paul
> 	Vixie...  granted, he's not claiming direct responsibility for DLV,
> 	but he is president of ISC...  so his musings might carry a little
> 	weight.

that would be me.

> 	for example:
> 
> From: Paul Vixie <paul at vix.com>
> To: nanog at merit.edu
> Subject: wrt joao damas' DLV talk on wednesday
> Date: Sun, 11 Jun 2006 06:50:05 +0000
> Message-ID: <77813.1150008605 at sa.vix.com>
> 
> [lengthy diatribe elided]
> 
> (my concern is, DLV is an evolutionary dead end, a deployment aid, and
> pissing away even more time and money on it seems like a waste of time
> compared to finishing NSEC3, signing the root, y'know, important stuff.)

i am ANGRY that it has taken 13+ years to finish the DNSSEC spec and that
the community can have no reasonable expectation that the root zone will
EVER be signed.

in that context, i stand by what i said.  DLV should NOT have been necessary.

however, DLV *is* necessary if we want to create enough of a DNSSEC market
to convince the powers-that-be to sign the root and all TLD's.

> 	---------------------
> 
> 	with those kinds of statements, I would be very hesitant to 
> 	commit to DLV for anything other than as a sandbox experiment.

ISC is fully committed to full production DLV for as long as it's needed.
the fact that i am ANGRY AS HELL at the *need* for DLV should not be cause
for confusion.  this anger also refers back to a long train of trainwrecked
IETF meetings and concalls and mailing list threads in which many things
that could have brought "deployable DNSSEC" to the world as long as ten
years ago were shot dead, bodies trampled.


