A Deep Dive on the Recent Widespread DNS Hijacking

Tony Finch dot at dotat.at
Mon Feb 25 11:42:01 UTC 2019


Mark Andrews <marka at isc.org> wrote:
>
> An organisation can also deploy DLV for their own zones using their own
> registry.  While the current DLV validating code is only invoked
> when the response validates as insecure, there is nothing preventing a
> policy which says that DLV trumps or must also validate for entries in a
> registry.  At this stage it would be a minor code change to add such
> policy knobs.  DLV is just an in-band way of distributing trust
> anchors.

Yes (as Mark knows) I would like to be able to use DLV in this enterprisey
way. It should also help validators to continue working for local domains
when external connectivity is funted.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
East Sole, Lundy, Fastnet, Irish Sea: Southeasterly 4 or 5. Rough or very
rough, but slight or moderate in Irish Sea. Mainly fair. Good, occasionally
poor.


