hat tip to .gov hostmasters

Scott Francis darkuncle at gmail.com
Mon Sep 22 10:43:36 CDT 2008

On Mon, Sep 22, 2008 at 8:16 AM, Jason Frisvold <xenophage0 at gmail.com> wrote:
> On Mon, Sep 22, 2008 at 11:02 AM, Chris Owen <owenc at hubris.net> wrote:
>> Chicken, meet egg.
>> I think the point of the original post is that one end or the other has to
>> start things.  At least we have one US zone doing something on the server
>> end of things.
> Oh, agreed, absolutely.  And it's great to see.  However, neither the
> slashdot blurb, nor the NetworkWorld article mention that without a
> valid resolver, there is no guarantee of security.  Sure, they mention
> that vendors are rolling it out and that ISPs should be following
> suit, but no mention is made of the end-user's resolver at all...

the NetworkWorld article (in the printer-friendly version, at least)
has a little table that shows the DNSSEC status of the major vendors.
And support in the resolver library is not strictly necessary, as long
as you trust _your_ (or your ISP's) nameservers.

(not to say that it isn't a good idea, just that it's not requirement
for initial rollout.)
[email protected]{gmail.com,darkuncle.net} || 0x5537F527
 http://darkuncle.net/pubkey.asc for public key

More information about the NANOG mailing list