[dns-operations] Enabling DNS split authority with OctoDNS | GitHub Engineering.

Patrik Fältström paf at frobbit.se
Fri Apr 28 05:58:55 UTC 2017

On 27 Apr 2017, at 23:08, Paul Vixie wrote:

> i would be shocked if github hadn't considered the cost/benefit of
> making their design dnssec-capable, and i'd also be shocked had they
> decided that dnssec was a must-have.

I also think they have, and think because of this their choice is "interesting".

> note, i personally use dnssec everywhere, and i'm hoping hard for DANE.

So am I.

> so, shooting the messenger would be particularly unjust in this case.

This was not my intention, if interpreted like that.

My intention was to bring to the light the fact DNSSEC was not included and that specifically as the case was brought up in THIS group another indication to us that people make this choice. Should either DNS be the toll you play around with in various ways OR should you use DNSSEC?

My view is that we DO have DNSSEC and I can still play around a bit with DNS and HTTP (etc) together, but I fight really hard to do things given I have DNSSEC and TLS. I see those as constraints. Not as many knobs to turn but some.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170428/2cc17531/attachment.sig>

More information about the dns-operations mailing list