[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

hat tip to .gov hostmasters

Subject: hat tip to .gov hostmasters
From: fweimer at bfk.de (Florian Weimer)
Date: Mon, 22 Sep 2008 17:13:25 +0200
In-reply-to: <[email protected]> (Simon Vallet's message of "Mon, 22 Sep 2008 16:59:37 +0200")
References: <[email protected]> <[email protected]> <[email protected]>

* Simon Vallet:

>> I'm not much up on DNSSEC, but don't you need to be using a resolver
>> that recognizes DNSSEC in order for this to be useful?
>
> You do -- and last time I checked few native resolvers actually did :
> glibc doesn't, and I'd be surprised if the Windows resolver does

Windows doesn't.  To my knowledge, there aren't any deployed
valdiating, security-aware stub resolvers.  Your best bet is to run
BIND or Unbound locally with appropriate trust anchors, and use that
as the system's resolver.  With modern LRU-based caches which are
efficient even at smallish sizes, this isn't much of a problem.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstra?e 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

References:
- hat tip to .gov hostmasters
  - From: darkuncle at gmail.com (Scott Francis)
- hat tip to .gov hostmasters
  - From: xenophage0 at gmail.com (Jason Frisvold)
- hat tip to .gov hostmasters
  - From: nanog at castalie.org (Simon Vallet)

Prev by Date: hat tip to .gov hostmasters
Next by Date: hat tip to .gov hostmasters
Previous by thread: hat tip to .gov hostmasters
Next by thread: hat tip to .gov hostmasters
Index(es):
- Date
- Thread