Hi Ed,

As you've noticed, DNSSEC has been around for a long while. If you're
interested in the status, start here:

http://www.internetsociety.org/blog/tech-matters/2014/07/rough-guide-ietf-90-dnssec-dane-and-dns-security
http://www.dnssec-deployment.org/

Cheers,
Francis

Francis Liu
*Architect, Consultant, Product Manager*
P: 0412 672 317

On 9 December 2014 at 11:04, Edward Ned Harvey (lopser) <lop...@nedharvey.com> wrote:

> > From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
> > On Behalf Of Edward Ned Harvey (lopser)
> >
> > In short, the question is:
> >
> > What is the behavior of an old dns caching server, when it receives a client
> > query for record types that it is too old to understand?  Is it able to dumbly
> > relay that query upstream, and dumbly relay the response back?
>
> Apparently, RFC 3597, published in 2003, was specifically written in
> preparation for this.  The RFC states that a dns caching server should
> preserve data blobs unmodified.
>
> So, since 2010 when the root zone was signed, it seems that DNSSEC should
> be good and usable, and provides all upside with no downside.  The only
> piece missing is the practical piece - Client resolvers in general right
> now don't request security (Come on, Microsoft, Apple, etc, get with it!)
> And if you want to implement DNSSEC on your domain, it's not widely
> supported by domain registrars & dns host providers.
>
> I checked - Godaddy offers DNSSEC as an up-charge service.  Namecheap
> doesn't offer it in their DNS servers (I did not check if their domain
> registrar supports it).  Amazon Route 53 doesn't support it.
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
>  http://lopsa.org/
>
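
The RFC 3597 behaviour mentioned in the quoted reply, as an added example that is not part of the original thread: a resource record whose type is unknown to the code is carried as an opaque RDATA blob, re-encoded byte for byte, and printed in the RFC's generic `TYPEnnn \# length hex` form. The sample records are constructed, type 65280 is a private-use number chosen for illustration, and owner names are assumed to be uncompressed.

```python
import struct

KNOWN_TYPES = {1: "A"}  # tiny on purpose: every other type is "unknown" to this code

def read_name(buf, off):
    """Decode an uncompressed owner name; return (text, offset after it)."""
    labels = []
    while buf[off] != 0:
        n = buf[off]
        if n & 0xC0:
            raise ValueError("compressed names are out of scope for this sketch")
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1

def parse_rr(buf, off=0):
    """Split one RR into fields; RDATA stays an opaque byte string."""
    start = off
    name, off = read_name(buf, off)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
    rdata = buf[off + 10:off + 10 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("truncated RDATA")
    rr = {"owner": buf[start:off], "name": name, "type": rtype,
          "class": rclass, "ttl": ttl, "rdata": rdata}
    return rr, off + 10 + rdlen

def encode_rr(rr):
    """Re-emit the RR with RDATA copied byte for byte, never reinterpreted."""
    fixed = struct.pack("!HHIH", rr["type"], rr["class"], rr["ttl"], len(rr["rdata"]))
    return rr["owner"] + fixed + rr["rdata"]

def to_text(rr):
    """Native form for known types, RFC 3597 generic form for the rest."""
    cls = "IN" if rr["class"] == 1 else f"CLASS{rr['class']}"
    if rr["type"] in KNOWN_TYPES:
        rtype, rdata = KNOWN_TYPES[rr["type"]], ".".join(str(b) for b in rr["rdata"])
    else:
        rtype = f"TYPE{rr['type']}"
        rdata = f"\\# {len(rr['rdata'])} {rr['rdata'].hex()}".rstrip()
    return f"{rr['name']} {rr['ttl']} {cls} {rtype} {rdata}"

# Constructed samples: owner example.com., TTL 300, class IN.
OWNER = b"\x07example\x03com\x00"
KNOWN = OWNER + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
UNKNOWN = OWNER + struct.pack("!HHIH", 65280, 1, 300, 4) + bytes.fromhex("deadbeef")

if __name__ == "__main__":
    for wire in (KNOWN, UNKNOWN):
        rr, _ = parse_rr(wire)
        print(to_text(rr), "| round-trip identical:", encode_rr(rr) == wire)
```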