> So what about all other apps that use DNS? > Don't they have to be 'fixed' too? > Should the application refuse to work if it encounters a bad DNSSEC signature? > (Any guesses as to when Bind 9.6 will appear?) If you trust your upstream resolver to do the validation for you, then all applications that use DNS are now secured by DNSSEC. If you don't trust your upstream, then your application needs to become aware of DNSSEC.
I run a validating resolver on my laptop so I am able to trust my "upstream" and therefore am not concerned about DNSSEC aware applications. Data returned regarding any zones that are in the same DLV registry that I am using is guaranteed to be legit. AlanC
