[dns-operations] resolvers considered harmful
paul.hoffman at vpnc.org
Thu Oct 23 18:00:31 UTC 2014
On Oct 23, 2014, at 10:29 AM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> On Thu, Oct 23, 2014 at 07:25:46AM -0700, Paul Hoffman wrote:
>> Speaking as someone who supports all end systems to be their own validating recursive resolver.
> "Validating" I get. Why recursive?
That's a fair question. I'm much more interested in validating than recursive. I don't believe that enough upstream resolvers will reliably get the end system answers that can be validated, so the validating end system will have to be able to be a recursive some of the time anyway. I suppose it would be better to have the end system be a "validating stub-but-recursor-when-necessary", but that seems weird. Maybe it isn't.
More information about the dns-operations