Daniel Kalchev (daniel) writes:
>
> DNSSEC is not some magical technology that just solves "the problems".
>
> On this, I am with Doug, that "if there is a high price for doing it
> wrong less people will do it wrong".
Couple more things. a) Local policy allows you not to enable validation
*at all* in the first place. b) Validating caching resolvers will be
around for many more years, but if you can, validate on the client/
application. The closer, the better. If we stop at the current state
of things, we haven't done our job. If NTAs help, so be it.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
