[dns-operations] OpenDNS adopts DNSCurve
Mike Damm
mike at damm.com
Fri Feb 26 02:57:45 UTC 2010
Tony Finch wrote:
> On Thu, 25 Feb 2010, Stephane Bortzmeyer wrote:
>
>> http://blog.opendns.com/2010/02/23/opendns-dnscurve/
>>
>>
>>> High traffic DNS servers can't handle signing every response packet,
>>> so they need to pre-compute signatures. This limits how companies like
>>> Akamai and Google or projects like the NTP Pool can use DNS for global
>>> load balancing and routing users to their nearest servers.
>>>
>
> I don't see why these kinds of special DNS servers can't sign all the
> possible RRsets they might return offline.
>
How would people implement something like whoami.ultradns.net using
DNSSEC? I ask this seriously because pre-signing seems to be the
catch-all answer for the more dynamic things people want to do with DNS, but I
don't believe people understand how poorly that scales.