ka at pacific.net
Mon Jun 3 14:28:20 UTC 2013
On 5/31/2013 5:59 PM, Paul Vixie wrote:
> Ken A wrote:
>> What is keeping nameserver vendors from building this into servers?
> if folks wanted path security between the stub and the recursive,
> there'd be some demand for SIG(0) or some uptake of TSIG.
My motivation as a user, and sysadmin, is security and privacy of all
kinds of end user data. However, I don't want to sacrifice much of the
performance or ease of use of DNS/UDP to avoid data snooping in the last
mile. That is what the announcement at
http://www.opendns.com/technology/dnscrypt/ claims to provide.
However, OpenDNS isn't open enough for me. Given the responses, it seems
that VPN is still the best solution.
Pacific Internet - http://www.pacific.net
More information about the dns-operations