[dns-operations] Implementation of negative trust anchors?

Warren Kumari warren at kumari.net
Wed Aug 21 15:25:48 UTC 2013


On Aug 21, 2013, at 1:33 AM, Ralf Weber <Ralf.Weber at nominum.com> wrote:

> Moin!
> 
> On 20.08.2013, at 20:14, Doug Barton <dougb at dougbarton.us> wrote:
>> Rumor has it that Nominum and Fortidns have implementations for NTAs. Any truth to those rumors?
> It's not a rumor. Nominum Vantio has had this feature for some time now. As FortiDNS uses that for DNS resolution I guess it also has it.
> 
>> Anyone else have an implementation?
> AFAIK Unbound also has that feature.
> 
>> Any patches for BIND?
> I don't know.
> 
>> FWIW, I remain opposed to the idea, but trying to do due diligence.
> I still like the idea as it is the only way for big resolver providers to deploy DNSSEC when their competitors have not.

+lots. Penalizing the early adopters simply leads to no deployment. 

W

> 
> So long
> -Ralf
> ---
> Ralf Weber
> Senior Infrastructure Architect
> Nominum Inc.
> 2000 Seaport Blvd. Suite 400 
> Redwood City, California 94063
> ralf.weber at nominum.com
> 
> 
> 
> 

-- 
American Non-Sequitur Society; 
we don't make sense, but we do like pizza!




