[dns-operations] non signing Bind & DNSSEC: a note of caution
Michael Graff
mgraff at isc.org
Mon Feb 7 20:30:18 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2011-02-07 12:28 PM, Wes Hardaker wrote:
>>>>>> On Mon, 07 Feb 2011 05:22:42 -0600, Michael Graff <mgraff at isc.org> said:
>
> MG> I also feel a global "don't be smart about anything I give you" switch
> MG> needs to go in, where named will serve whatever it is told, no matter
> MG> how insane it may be with respect to DNSSEC data.
>
> I'd look at it more generically than that. Either:
I agree with all your points.
ISC has a reworking of the signing portion of BIND 9 on the road-map for
2011, including a bump in the wire type signer. It's really just a
matter of funding and people to work on it at this stage.
I'm willing to discuss either of these points if anyone has money or time.
- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1QVloACgkQLdqv0r6eD6ZBQwCdH+kpjvpieIRh04NXuPFog/Nr
ahgAn3ujLkOXcvjtiP2uG7rAHdgEupM9
=M5Ee
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list