[dns-operations] OpenDNS adopts DNSCurve
Lutz Donnerhacke
lutz at iks-jena.de
Thu Feb 25 10:27:26 UTC 2010
* Stephane Bortzmeyer wrote:
> http://blog.opendns.com/2010/02/23/opendns-dnscurve/
http://blog.opendns.com/2010/02/23/opendns-dnscurve/#comment-338794
: As an DNSSEC evangelist (and late adopter) … I fear the OpenDNS reservations
: about DNSSEC are simple commerical ones.
:
: DNSSEC prevents OpenDNS from redirecting NXDOMAIN DNS responses to their own
: search engine (and ads). DNSSEC prevents OpenDNS from implementing the
: “kid-safe” environment.
:
: DNSCurve and DNSSEC are not related, they are offering complete different
: solutions: DNSCurve aims to transport layer security (i.e. talking to the
: right authoritive server), while DNSSEC aims to data authenticy (i.e.
: getting the right answer regardless how many servers are involved)
:
: OpenDNS as a man-in-the-middle DNS service can check that they are not
: easily fooled itself, but still providing modified answers to their clients
: (which is a legitimate activity), by adoping DNSCurve.
:
: But OpenDNS can’t support DNSSEC … it will break their business.
:
:(Your comment is awaiting moderation.)
More information about the dns-operations
mailing list