[dns-operations] DNSCrypt.

Joe Abley jabley at hopcount.ca
Fri May 31 15:38:46 UTC 2013


On 2013-05-31, at 11:24, "Dobbins, Roland" <rdobbins at arbor.net> wrote:

> There's no crypto anything inherent in DNS today, heh.

Well, apart from the use of TSIG to authenticate zone transfers.

As I mentioned obliquely, I haven't heard of any widespread use of TSIG or SIG(0) to authenticate the channel between a stub resolver and a recursive resolver, but I'd hesitate to deny that there's any deployment without thinking of what numbers could possibly back up that claim.


Joe




More information about the dns-operations mailing list