[dns-operations] Enabling DNS split authority with OctoDNS | GitHub Engineering.
Paul Vixie
paul at redbarn.org
Thu Apr 27 21:08:45 UTC 2017
Patrik Fältström wrote:
> On 27 Apr 2017, at 20:22, Roland Dobbins wrote:
>
>> <https://githubengineering.com/enabling-split-authority-dns-with-octodns/>
>
> I do not see signs of DNSSEC...
dnssec is widely seen as a way to make your dns service more fragile,
without adding support for any new apps, and without defending against
any threat model that's in any way common.
i would be shocked if github hadn't considered the cost/benefit of
making their design dnssec-capable, and i'd also be shocked had they
decided that dnssec was a must-have.
note, i personally use dnssec everywhere, and i'm hoping hard for DANE.
so, shooting the messenger would be particularly unjust in this case.
--
P Vixie
More information about the dns-operations
mailing list