[185809] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: DNSSEC and ISPs faking DNS responses

daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Fri Nov 13 17:10:05 2015

X-Original-To: nanog@nanog.org
Date: Fri, 13 Nov 2015 23:02:42 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Mark Milhollan <mlm@pixelgate.net>
In-Reply-To: <Pine.LNX.4.64.1511130909490.9313@gw-admin.pixelgate.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Fri, Nov 13, 2015 at 10:24:27AM -0800,
 Mark Milhollan <mlm@pixelgate.net> wrote 
 a message of 30 lines which said:

> Would the masses ever replace their stub with a full resolver?
> Doubtful, unless their OS vendor does it for them.

Fedora already does it, apparently, with the excellent dnssec-trigger.

> Would the various authoritiative operators be happy / agree?

Wearing my TLD operator hat: yes, we agree and we're ready for that.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[185809] in North American Network Operators' Group

Re: DNSSEC and ISPs faking DNS responses

daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)Fri Nov 13 17:10:05 2015

daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Fri Nov 13 17:10:05 2015