DNSSEC and ISPs faking DNS responses
bortzmeyer at nic.fr
Fri Nov 13 22:02:42 UTC 2015
On Fri, Nov 13, 2015 at 10:24:27AM -0800,
Mark Milhollan <mlm at pixelgate.net> wrote
a message of 30 lines which said:
> Would the masses ever replace their stub with a full resolver?
> Doubtful, unless their OS vendor does it for them.
Fedora already does it, apparently, with the excellent dnssec-trigger.
> Would the various authoritiative operators be happy / agree?
Wearing my TLD operator hat: yes, we agree and we're ready for that.
More information about the NANOG