[dns-operations] Implementation of negative trust anchors?
Ralf.Weber at nominum.com
Wed Aug 21 05:33:59 UTC 2013
On 20.08.2013, at 20:14, Doug Barton <dougb at dougbarton.us> wrote:
> Rumor has it that Nominum and Fortidns have implementations for NTAs. Any truth to those rumors?
It's not a rumor. Nominum Vantio had this feature for some time now. As FortiDNS uses that for DNS resolution I guess it also has it.
> Anyone else have an implementation?
AFAIK Unbound also has that feature.
> Any patches for BIND?
I don't know.
> FWIW, I remain opposed to the idea, but trying to do due diligence.
I still like the idea as it is the only way for big resolver providers to deploy DNSSEC when there competitors have not.
Senior Infrastructure Architect
2000 Seaport Blvd. Suite 400
Redwood City, California 94063
ralf.weber at nominum.com
More information about the dns-operations