[107986] in North American Network Operators' Group
Re: hat tip to .gov hostmasters
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Sep 22 10:56:29 2008
To: "Jason Frisvold" <xenophage0@gmail.com>
From: Florian Weimer <fweimer@bfk.de>
Date: Mon, 22 Sep 2008 16:56:20 +0200
In-Reply-To: <924f29280809220752i646b69e5u5455ac5426f0cc07@mail.gmail.com>
(Jason Frisvold's message of "Mon, 22 Sep 2008 10:52:42 -0400")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
* Jason Frisvold:
> On Mon, Sep 22, 2008 at 10:34 AM, Scott Francis <darkuncle@gmail.com> wro=
te:
>> nice to see a wholesale DNSSEC rollout underway (I must confess to being=
a
>> little surprised at the source, too!). Granted, it's a much more managea=
ble
>> problem set than, say, .com - but if one US-controlled TLD can do it, ho=
pe
>> is buoyed for a .com rollout sooner rather than later (although probably=
not
>> much sooner :)).
>
> I'm not much up on DNSSEC, but don't you need to be using a resolver
> that recognizes DNSSEC in order for this to be useful?
Correct, you need a validating, security-aware stub resolver, or the
ISP needs to validate the records for you.
--=20
Florian Weimer <fweimer@bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstra=DFe 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
