+1, Dr Eberhard, Kind regards. Gabdibé Gabd ibé GAB-HINGONNE Tel: (+235) 66 24 95 56/99 24 95 56 Skype: live:gabdibegabhingonne E-mail : [email protected] [email protected]
Le lun. 13 janv. 2020 20:36, Dr Eberhard W Lisse <[email protected]> a écrit : > Gabdibé, > > drafting a resolution (beforehand), or even debating a resolution, is > going to achieve absolutely nothing. > > Mark, > > 50% lookups is actually almost worth than zero :-)-). > > And how many of those hit infrastructure actually in South Africa? > Does the figure include the public ones from Google and Cloudflare? > > My view is that this only works All-or-Nothing, because > noncompliant > commercial resolver operators have a commercial advantage over > complaint ones. > > Financial incentives may work as may financial or other sanctions. > > One could even make it part of the Accreditation that DNSSEC must > be > offered by the Registrars. > > But while the Registrars are usually the entities operating the DNS > and as such have control over the end-user's DNS anyway, the chain > of trust should go up to the end user and not just the Registrar. > > Talking to the banks has so far not been very effective, they are > happy with HTTPS even though they forget to renew their certificate > on a regular basis, never mind the expense. > > I don't have the answer either. > > If anyone has a technical "solution" or project going on, and is coming > to Cancun, please feel free to propose a presentation at TechDay on the > Monday. > > greetings, el > > On 10/01/2020 15:26, Mark Elkins wrote: > > I also like the sound of Barrack's proposal. What exactly does "DNS > > Abuse" mean though? > > > > If it is to try and get all important Domains DNSSEC Signed and for > > all DNS Resolvers to become DNSSEC aware - that would be a winner in > > my book! > > > > Incidentally - about 50% of all DNS lookups in South Africa are DNSSEC > > aware. That's actually the easy bit. Just have the Internet > > Connection suppliers enable DNSSEC on their resolvers. > > > > Getting the bulk or at least the important Domains DNSSEC Signed will > > be a bit more challenging but is quite possible; e.g. any domain for a > > website which may involve a financial transaction or deal with > > personal information. > > > > On my Domain Registration and Hosting Platform, if I am running the > > Registrants DNS (Zone file), DNSSEC is simply an option the Registrant > > can switch on. I could change that and simply enable it for everyone. > > However, if the Domain is then moved to a Registrar that does not > > support DNSSEC - there would be issues for the new Registrar. > > > > On 2020/01/10 14:20, Gabdibé GAB-HINGONNE wrote: > >> Dear All, > >> I support Barrack's proposal. > >> Building the capacity of African end users on the general question > >> related to the DNS is very important. > >> Kind regards > >> Gabdibé > >> > _______________________________________________ > AFRI-Discuss mailing list > [email protected] > https://atlarge-lists.icann.org/mailman/listinfo/afri-discuss > > Homepage for the region: http://www.afralo.org > > Posting guidelines to ensure machine translations of emails sent to this > list are more accurate: > http://www.funredes.org/mistica/english/emec/method_emec/presentation.html#anexo1 > _______________________________________________ > By submitting your personal data, you consent to the processing of your > personal data for purposes of subscribing to this mailing list accordance > with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and > the website Terms of Service (https://www.icann.org/privacy/tos). You can > visit the Mailman link above to change your membership status or > configuration, including unsubscribing, setting digest-style delivery or > disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ AfrICANN mailing list [email protected] https://lists.afrinic.net/mailman/listinfo/africann
