[dns-operations] OpenDNS adopts DNSCurve

Paul Vixie vixie at isc.org
Wed Feb 24 21:50:35 UTC 2010


> Date: Wed, 24 Feb 2010 11:52:28 -0800
> From: Matthew Dempsky <matthew at dempsky.org>
> 
> > what's the corresponding plan for DNSCurve?
> 
> The same general plan works for DNSCurve.

so, the root nameserver names would have to change?

> ...
> 
> Orthogonal to that, there's no concrete plan yet for automating trust
> anchors yet, and ideas are welcome.
> 
> The root zone file is available with PGP signatures, so if a TLD were
> to support DNSCurve, recursive servers could extract the appropriate
> NS records from the root zone file to setup as a trust anchor.
> 
> Also, some TLD zone files (in particular, .com and .net) are also
> available for download with PGP signatures, and a trusted party with
> access to them could republish just the zones with NS records
> indicating DNSCurve support.

this kind of heavy weight metadata model may fit the needs of opendns
and other large scale outsourced recursive dns providers, but it won't
fit into the small scale widely-distributed in-house / embedded model
that DNS (and DNSSEC) uses today.  is that intentional?  (i ask, since
you are both an opendns employee and a dnscurve developer.)



More information about the dns-operations mailing list