[dns-operations] Norton DNS: Symantec emulates OpenDNS and Google

Warren Kumari warren at kumari.net
Tue Jun 8 14:04:15 UTC 2010


On Jun 7, 2010, at 9:00 PM, Jay Daley wrote:

>
> On 8/06/2010, at 1:37 AM, Phil Regnauld wrote:
>
>> 	Absolutely, but the others have advanced speed and reliability as
>> 	one of the assets.  I find it ironic that Symantec is touting this
>> 	service as a security advantage, when it clearly isn't one.
>
> I agree, especially as it could even be a security downgrade if you  
> switch to this service from a resolver that supports DNSSEC.
>
> Another point that needs challenging is the "once DNSSEC becomes  
> widely-used" part of the sentence "There are also plans to make the  
> service DNSSEC-capable once DNSSEC becomes widely used".  Caching  
> DNS providers should not be deciding on when to allow DNSSEC to pass  
> through - they should be passing it through right now, because if  
> they don't then the benefits are not realisable and it won't become  
> widely used.
>
> And then of course there is the interesting question of how they  
> intend to implement synthesis once DNSSEC is turned on?

Why not in exactly the same way that they would without DNSSEC, but  
just flipping the AD bit on?

Or are you meaning on a world where stubs actually do validation?

W
>
> cheers
> Jay
>
>
>>
>> 	Cheers,
>> 	Phil
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
>
> -- 
> Jay Daley
> Chief Executive
> .nz Registry Services (New Zealand Domain Name Registry Limited)
> desk: +64 4 931 6977
> mobile: +64 21 678840
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

--
"Being the Fun-Police in the global Internet is a thankless - and  
probably futile - task."
  --  R. Whittle ("draft-whittle-sram-ip-forwarding-01.txt")








More information about the dns-operations mailing list