[dns-operations] Implementation of negative trust anchors?

Ralf Weber Ralf.Weber at nominum.com
Wed Aug 21 05:33:59 UTC 2013


Moin!

On 20.08.2013, at 20:14, Doug Barton <dougb at dougbarton.us> wrote:
> Rumor has it that Nominum and Fortidns have implementations for NTAs. Any truth to those rumors?
It's not a rumor. Nominum Vantio had this feature for some time now. As FortiDNS uses that for DNS resolution I guess it also has it.

> Anyone else have an implementation?
AFAIK Unbound also has that feature.

> Any patches for BIND?
I don't know.

> FWIW, I remain opposed to the idea, but trying to do due diligence.
I still like the idea as it is the only way for big resolver providers to deploy DNSSEC when there competitors have not.

So long
-Ralf
---
Ralf Weber
Senior Infrastructure Architect
Nominum Inc.
2000 Seaport Blvd. Suite 400 
Redwood City, California 94063
ralf.weber at nominum.com






More information about the dns-operations mailing list