[dns-operations] Question to DNSSEC and DLV policy

Michael Monnerie michael.monnerie at is.it-management.at
Mon Mar 23 07:26:14 UTC 2009

On Montag 23 März 2009 Paul Vixie wrote:
> there is precious little benefit to being the first to speak a wide
> area protocol.  that was true of IPv6

Here in Austria, still it *is* true. I don't know any ISP who would give 
you IPv6 addresses. I'd like to test it, but can't. I know there are 
IPv6-to-IPv4 services, but I'd like to be native. Well, I believe if you 
have real services you'd still need both IPv4 and IPv6 on that server.

> if you deploy DNSSEC and DLV today you will become immune to several
> kinds of known wire-level poisoning for others who've deployed DNSSEC
> and DLV.
> but more importantly you will form an installed base that will
> attract others who need more motivation than you needed.

Yes, like I said it's cool. And I'd like to implement and test it. Just 
need to wait until named is patched with openSUSE.

mfg zmi
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0660 / 415 65 31                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net                  Key-ID: 1C1209B4

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20090323/55964936/attachment.sig>

More information about the dns-operations mailing list