>>>>> "SK" == Simon Kelley <si...@thekelleys.org.uk> writes:
SK> A valid point, but "every leaf system has to be a recursor" is not a SK> pleasant outcome of widely implementing DNSSEC. >From a security POV, every system needs its own local verifier, and every administrative domain needs its own recursor. Optimally every system will have its own validating recursor. SK> I wonder, do the browser-based validators suffer from this, or are SK> they recursors under the hood? They are full validating recursors. Often using libunbound to do the heavy lifting. -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss