[100706] in North American Network Operators' Group
Re: Hey, SiteFinder is back, again...
daemon@ATHENA.MIT.EDU (David Conrad)
Mon Nov 5 17:50:09 2007
In-Reply-To: <C354D585.3B42%bora.akyol@aprius.com>
Cc: nanog list <nanog@merit.edu>
From: David Conrad <drc@virtualized.org>
Date: Mon, 5 Nov 2007 14:46:27 -0800
To: Bora Akyol <bora.akyol@aprius.com>
Errors-To: owner-nanog@merit.edu
On Nov 5, 2007, at 2:13 PM, Bora Akyol wrote:
> Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
> Validation? If not, then do people have a choice?
Yes and no.
If you run your own caching server and that caching server supports
DNSSEC and you enable DNSSEC and set up/maintain the trust anchors,
then yes.
So yes, pedantically speaking, there is a choice. Pragmatically
speaking, I doubt this is really an option for any but the geekiest
and/or terminally paranoid. Even the first bit of the previous "if"
statement is probably beyond most...
Regards,
-drc
P.S. From experience, running your own caching server can result in
problems when connecting via T-Mobile hotspot and some hotel
authentication abominations... (sigh).