[dns-operations] Implementation of negative trust anchors?

Ralf Weber Ralf.Weber at nominum.com
Wed Aug 21 05:33:59 UTC 2013


On 20.08.2013, at 20:14, Doug Barton <dougb at dougbarton.us> wrote:
> Rumor has it that Nominum and Fortidns have implementations for NTAs. Any truth to those rumors?
It's not a rumor. Nominum Vantio had this feature for some time now. As FortiDNS uses that for DNS resolution I guess it also has it.

> Anyone else have an implementation?
AFAIK Unbound also has that feature.

> Any patches for BIND?
I don't know.

> FWIW, I remain opposed to the idea, but trying to do due diligence.
I still like the idea as it is the only way for big resolver providers to deploy DNSSEC when there competitors have not.

So long
Ralf Weber
Senior Infrastructure Architect
Nominum Inc.
2000 Seaport Blvd. Suite 400 
Redwood City, California 94063
ralf.weber at nominum.com

More information about the dns-operations mailing list