DNSSEC and ISPs faking DNS responses

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Nov 13 22:02:42 UTC 2015

On Fri, Nov 13, 2015 at 10:24:27AM -0800,
 Mark Milhollan <mlm at pixelgate.net> wrote 
 a message of 30 lines which said:

> Would the masses ever replace their stub with a full resolver?
> Doubtful, unless their OS vendor does it for them.

Fedora already does it, apparently, with the excellent dnssec-trigger.

> Would the various authoritiative operators be happy / agree?

Wearing my TLD operator hat: yes, we agree and we're ready for that.

More information about the NANOG mailing list