On 22 May 2019, at 23:31, Evan Hunt wrote:
> One possible reason is distribution of trust anchors for a private corporate
> domain.
Aren't there better days to do this?
Or at least other ways to do this?
Anything to make bind leaner and meaner and with fewer LOCs seems like a plus
to me.
On Wed, May 22, 2019 at 12:41:05PM +0100, Jim Reid wrote:
> ISC said DLV would go away once the root got signed. It's long outlived
> its usefulness (DLV that is, not ISC). The root first got signed ~10
> years ago. That's more than enough time to make other arrangements and
> have an orderly
Matthijs Mekking wrote:
>
> The BIND 9 development team has been discussing whether we should remove
> the DLV code from the BIND 9 source.
DLV as it currently works is not useful and it's a lot of complexity to
carry around. However, with some tweaks it might be made useful. On the
> On 21 May 2019, at 16:00, Hugo Salgado-Hernández wrote:
>
> One important thing is that the "islands of security" concept
> may be necessary in different places (companies? communities?)
> and the DLV technique is not limited to the root. For the same
> reason I consider that Bind's support
Last year I was involved in a project to allow the signing of
domains in the second level of a country, when the TLD has
signed yet. It's a reality in certain regions. I get it
that the idea is to put pressure on the TLD, but this
institution was the largest ISP in the country and considered
that
At this point I think DLV is actively dangerous -- I'm not sure if it
"easy" to remove the code without too much risk, but an initial start
would be to make it impossible^whard to enable it (and initially log
an error message for people who already have it configured...).
W
On Tue, May 21, 2019
Hi Grant,
On 5/20/19 11:44 PM, Grant Taylor via bind-users wrote:
On 5/20/19 4:34 AM, Matthijs Mekking wrote:
* It will make the code much easier to maintain, which is beneficial
for users too since that will mean in general less bugs, easier to
find bugs, and easier to extend it with new
On 5/20/19 4:34 AM, Matthijs Mekking wrote:
* It will make the code much easier to maintain, which is beneficial for
users too since that will mean in general less bugs, easier to find
bugs, and easier to extend it with new features.
Drive by 2¢ comment:
Is the existing DLV code causing a
Dear BIND 9 users,
The BIND 9 development team has been discussing whether we should remove
the DLV code from the BIND 9 source. Reasons for doing this:
* The zone dlv.isc.org has been decommissioned some time ago.
* It will make the code much easier to maintain, which is beneficial
9 matches
Mail list logo