This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
- Previous message (by thread): [dns-wg] one more effort on the NTIA response
- Next message (by thread): [dns-wg] HELP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mats.Dufberg at teliasonera.com
Mats.Dufberg at teliasonera.com
Mon Nov 10 12:00:11 CET 2008
> From: dns-wg-admin at ripe.net [mailto:dns-wg-admin at ripe.net] On > Behalf Of David Conrad > Sent: den 25 oktober 2008 20:50 (...) > This is NOT what I am claiming. I stated: > > "[...] I personally believe [DLV] is non-scalable, non-standard, and > imputes a highly questionable trust model into _every_ > non-cached DNS lookup [...]." Configuring the resolver (caching nameserver) with a DLV also makes it as dependent on the DLV zone as it is on the root zone. If the DLV zone is unavailable, no DNSsec checking and validation will work and the server will consider all DNS data as untrusted, i.e. returning all queries with SERVFAIL. We run DNSsec validation for some 1.5 million customers with .SE as the sole trust anchor. I will leave the DLV's out for many reasons. Mats ------------------------------------------ Mats Dufberg TeliaSonera BBS P&P VAS/Internet +46-70-2582588 mats.dufberg at teliasonera.com ------------------------------------------
- Previous message (by thread): [dns-wg] one more effort on the NTIA response
- Next message (by thread): [dns-wg] HELP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]