North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: hat tip to .gov hostmasters

  • From: Florian Weimer
  • Date: Mon Sep 22 10:56:26 2008

* Jason Frisvold:

> On Mon, Sep 22, 2008 at 10:34 AM, Scott Francis <darkuncle@xxxxxxxxx> wrote:
>> nice to see a wholesale DNSSEC rollout underway (I must confess to being a
>> little surprised at the source, too!). Granted, it's a much more manageable
>> problem set than, say, .com - but if one US-controlled TLD can do it, hope
>> is buoyed for a .com rollout sooner rather than later (although probably not
>> much sooner :)).
>
> I'm not much up on DNSSEC, but don't you need to be using a resolver
> that recognizes DNSSEC in order for this to be useful?

Correct, you need a validating, security-aware stub resolver, or the
ISP needs to validate the records for you.

-- 
Florian Weimer                <fweimer@xxxxxx>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99