[dns-operations] OpenDNS adopts DNSCurve

Lutz Donnerhacke lutz at iks-jena.de
Thu Feb 25 10:27:26 UTC 2010

* Stephane Bortzmeyer wrote:
> http://blog.opendns.com/2010/02/23/opendns-dnscurve/

: As an DNSSEC evangelist (and late adopter) … I fear the OpenDNS reservations
: about DNSSEC are simple commerical ones.
: DNSSEC prevents OpenDNS from redirecting NXDOMAIN DNS responses to their own
: search engine (and ads). DNSSEC prevents OpenDNS from implementing the
: “kid-safe” environment.
: DNSCurve and DNSSEC are not related, they are offering complete different
: solutions: DNSCurve aims to transport layer security (i.e. talking to the
: right authoritive server), while DNSSEC aims to data authenticy (i.e.
: getting the right answer regardless how many servers are involved)
: OpenDNS as a man-in-the-middle DNS service can check that they are not
: easily fooled itself, but still providing modified answers to their clients
: (which is a legitimate activity), by adoping DNSCurve.
: But OpenDNS can’t support DNSSEC … it will break their business.
:(Your comment is awaiting moderation.)

More information about the dns-operations mailing list