[dns-operations] OpenDNS adopts DNSCurve
mike at damm.com
Fri Feb 26 02:57:45 UTC 2010
Tony Finch wrote:
> On Thu, 25 Feb 2010, Stephane Bortzmeyer wrote:
>>> High traffic DNS servers can't handle signing every response packet,
>>> so they need to pre-compute signatures. This limits how companies like
>>> Akamai and Google or projects like the NTP Pool can use DNS for global
>>> load balancing and routing users to their nearest servers.
> I don't see why these kinds of special DNS servers can't sign all the
> possible RRsets they might return offline.
How would people implement something like whoami.ultradns.net using
DNSSEC? I ask this seriously because pre-signing seems to be the catch
all answer for the more dynamic things people want to do with DNS, but I
don't believe people understand how poorly that scales.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations