[129000] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: DNSSEC and SSL

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Sun Aug 22 17:35:44 2010

Date: Sun, 22 Aug 2010 21:34:02 +0000
From: bmanning@vacation.karoshi.com
To: ML <ml@kenweb.org>
In-Reply-To: <4C71220F.6040806@kenweb.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sun, Aug 22, 2010 at 09:11:43AM -0400, ML wrote:
> On 8/22/2010 2:38 AM, Mikael Abrahamsson wrote:
> > No, because DNSSEC isn't secured all the way from the DNS server to the
> > application, only to the resolver. Both systems have problems, I'd
> > imagine the best security is when they work together.
> > 
> 
> Is a DNSSEC capable stub resolver not in the cards?
> 

	yes it is. unbound was originally designed for that very niche.

--bill


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[129000] in North American Network Operators' Group

Re: DNSSEC and SSL

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)Sun Aug 22 17:35:44 2010

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Sun Aug 22 17:35:44 2010