[100714] in North American Network Operators' Group
Re: Hey, SiteFinder is back, again...
daemon@ATHENA.MIT.EDU (Eliot Lear)
Tue Nov 6 01:56:18 2007
Date: Tue, 06 Nov 2007 07:55:07 +0100
From: Eliot Lear <lear@cisco.com>
To: David Conrad <drc@virtualized.org>
CC: Bora Akyol <bora.akyol@aprius.com>, nanog list <nanog@merit.edu>
In-Reply-To: <97B6E326-1C44-48B8-B171-4C54F2B6FE3D@virtualized.org>
Errors-To: owner-nanog@merit.edu
David Conrad wrote:
>
> On Nov 5, 2007, at 2:13 PM, Bora Akyol wrote:
>> Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
>> Validation? If not, then do people have a choice?
>
> Yes and no.
Of course, nobody supports the "Evil bit" today, so some change would be
necessary one way or the other to deal with this. One wonders whether
Verizon's behavior is enough to cause Microsoft to turn on a caching
resolver. One issue Dave didn't raise is that firewalls often block DNS
requests from OTHER than caching resolvers.
Cough. So, how much is that NXDOMAIN worth to you?
Eliot