US government mandates? use of DNSSEC by federal agencies

David Conrad drc at virtualized.org
Wed Aug 27 23:41:20 UTC 2008


On Aug 27, 2008, at 11:03 AM, Michael Thomas wrote:
> Of course embedded frobs that don't
> auto-update like, oh say, your favorite router could be problematic.

You have a router that supports DNSSEC that can't be made to do some  
form of auto-update?

> In any case, the point of my first question was really about the
> concern of false positives. Do we really have any idea what will
> happen if you hard fail dnssec failures?

As far as I'm aware, there is no 'soft fail' for DNSSEC failures.  In  
the caching servers I'm familiar with, if a name fails to validate, it  
used to be that it doesn't get cached and SERVFAIL is returned.  Maybe  
that's been fixed?

Regards,
-drc
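
With the hard-fail behaviour described above, a validation failure reaches the client as the same SERVFAIL as any other resolution failure. The sketch below is an added example, not part of the original post: it compares the reply to a normal query with the reply to the same query sent with the CD (Checking Disabled) bit set to separate the two cases. The function names and labels are hypothetical and the sample headers are constructed.

```python
import struct

NOERROR, SERVFAIL = 0, 2
# Flag bit positions in the 16-bit DNS header flags field (RFC 1035 / RFC 4035).
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010


def build_header(txid, rcode, ad=False, cd=False, ancount=0):
    """Build a 12-byte DNS response header (constructed sample data)."""
    flags = QR | RD | RA | (AD if ad else 0) | (CD if cd else 0) | (rcode & 0xF)
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)


def parse_header(msg):
    """Extract RCODE, AD, CD and the answer count from a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"rcode": flags & 0xF, "ad": bool(flags & AD),
            "cd": bool(flags & CD), "ancount": an}


def classify(normal_reply, cd_reply):
    """normal_reply: answer to the query with CD=0 (resolver validates).
    cd_reply: answer to the same query with CD=1 (validation skipped)."""
    n, c = parse_header(normal_reply), parse_header(cd_reply)
    if n["rcode"] == SERVFAIL:
        if c["rcode"] != SERVFAIL:
            # Data is reachable once validation is skipped, so the
            # validator is the likely source of the SERVFAIL.
            return "likely-validation-failure"
        # Fails either way: lame delegation, timeout, upstream outage, etc.
        return "failure-unrelated-to-validation"
    if n["rcode"] == NOERROR and n["ad"]:
        return "validated"  # resolver asserts the answer was authenticated
    if n["rcode"] == NOERROR:
        return "answered-unvalidated"  # unsigned zone or non-validating resolver
    return "other-rcode"


if __name__ == "__main__":
    broken = classify(build_header(1, SERVFAIL),
                      build_header(2, NOERROR, cd=True, ancount=1))
    print(broken)
```
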





