In message <[EMAIL PROTECTED]>, Russ Housley writes:
> I have been approached about a plenary experiment regarding
> DNSSEC. The idea is for everyone to try using DNSSEC-enabled clients
> during the plenary session. I like the idea. What do others think?
>
> Russ
>
> _______________________________________________
> Ietf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ietf
The first thing we should address is the lack of signed
zones under the control of the IETF.
; <<>> DiG 9.3.5-P2 <<>> dnskey ietf.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29574
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ietf.org. IN DNSKEY
;; AUTHORITY SECTION:
ietf.org. 7200 IN SOA ns0.ietf.org. glen.amsl.com.
1200000073 1800 1800 604800 7200
;; Query time: 344 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Nov 27 10:06:43 2008
;; MSG SIZE rcvd: 79
Secondly we should just turn on DNSSEC validation on the
recursive servers offered by DHCP and RAs. This should be
on for the entire week. This is what we are asking ISP's
to do and I see no reason why we shouldn't do the same.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
