[dns-operations] OpenDNS adopts DNSCurve

Mike Damm mike at damm.com
Fri Feb 26 02:57:45 UTC 2010

Tony Finch wrote:
> On Thu, 25 Feb 2010, Stephane Bortzmeyer wrote:
>> http://blog.opendns.com/2010/02/23/opendns-dnscurve/
>>> High traffic DNS servers can't handle signing every response packet,
>>> so they need to pre-compute signatures. This limits how companies like
>>> Akamai and Google or projects like the NTP Pool can use DNS for global
>>> load balancing and routing users to their nearest servers.
> I don't see why these kinds of special DNS servers can't sign all the
> possible RRsets they might return offline.

How would people implement something like whoami.ultradns.net using 
DNSSEC? I ask this seriously because pre-signing seems to be the catch 
all answer for the more dynamic things people want to do with DNS, but I 
don't believe people understand how poorly that scales.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20100225/d47e889d/attachment.html>

More information about the dns-operations mailing list