In response to your query on dnssec in the browser, I use this. https://addons.mozilla.org/en-us/firefox/addon/dnssec-validator/
------Original Message------ From: Jimmy Hess To: Mark Andrews Cc: Welch, Bryan Cc: [email protected] Subject: Re: Experience with Open Source load balancers? Sent: May 17, 2011 7:07 PM On Tue, May 17, 2011 at 6:23 PM, Mark Andrews <[email protected]> wrote: [snip] > > Better still would be for them to return AAAA records but until one > is ready to do that the negative responses need to be correct. Hm... better would be for load balancers operate transparently at Layer 3 and not tamper with the contents of answers from proper DNS servers. Eating traffic based on application content, or turning NOERROR, 0 matches into NXDOMAIN is seriously f***'ed up. I look forward to more domains having DS records published by TLDs w/ signed zones... and possibly browsers displaying warnings trying to visit HTTPS domains without a signed zone. perhaps load balancers/middle box manufacturers will start to become a little bit more honest in what they do with DNS traffic :) -- -JH Sent via BlackBerry from T-Mobile
