[dns-operations] Implementation of negative trust anchors?
warren at kumari.net
Wed Aug 21 15:25:48 UTC 2013
On Aug 21, 2013, at 1:33 AM, Ralf Weber <Ralf.Weber at nominum.com> wrote:
> On 20.08.2013, at 20:14, Doug Barton <dougb at dougbarton.us> wrote:
>> Rumor has it that Nominum and Fortidns have implementations for NTAs. Any truth to those rumors?
> It's not a rumor. Nominum Vantio had this feature for some time now. As FortiDNS uses that for DNS resolution I guess it also has it.
>> Anyone else have an implementation?
> AFAIK Unbound also has that feature.
>> Any patches for BIND?
> I don't know.
>> FWIW, I remain opposed to the idea, but trying to do due diligence.
> I still like the idea as it is the only way for big resolver providers to deploy DNSSEC when there competitors have not.
+lots. Penalizing the early adopters simply leads to no deployment.
> So long
> Ralf Weber
> Senior Infrastructure Architect
> Nominum Inc.
> 2000 Seaport Blvd. Suite 400
> Redwood City, California 94063
> ralf.weber at nominum.com
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
American Non-Sequitur Society;
we don't make sense, but we do like pizza!
More information about the dns-operations