[dns-operations] resolvers considered harmful

Paul Hoffman paul.hoffman at vpnc.org
Thu Oct 23 18:00:31 UTC 2014

On Oct 23, 2014, at 10:29 AM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> On Thu, Oct 23, 2014 at 07:25:46AM -0700, Paul Hoffman wrote:
>> Speaking as someone who supports all end systems to be their own validating recursive resolver.
> "Validating" I get.  Why recursive?

That's a fair question. I'm much more interested in validating than recursive. I don't believe that enough upstream resolvers will reliably get the end system answers that can be validated, so the validating end system will have to be able to be a recursive some of the time anyway. I suppose it would be better to have the end system be a "validating stub-but-recursor-when-necessary", but that seems weird. Maybe it isn't.

--Paul Hoffman

More information about the dns-operations mailing list