Hi, I suppose many of us read Google's announcement yesterday:
http://googleonlinesecurity.blogspot.nl/2013/03/google-public-dns-now-supports-dnssec.html

Now, Google Public DNS only validates when either the DO-bit or, according to RFC6840, the AD-bit is set in the query.

https://developers.google.com/speed/public-dns/faq#dnssec

Validation upon request, instead of ignoring validation by means of the CD-bit, so to speak.

In a way, I kind of like the idea. As for some environments - such as the one at Google - it might (for now) be a good alternative. It sort of adheres to the idea; "everything stays the same, unless you want it to be different" (which at the same time may be considered as undesirable...).

Anyway... I was wondering what the opinions are on this list, regarding the design-choices of Google. And if this feature is being considered for Unbound (in addition to the already present 'val-permissive' mode)?

Regards,

-- Marco
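Added example, not part of the original post and not code from Google or Unbound: a sketch of where the AD, CD and DO bits sit in a query on the wire, with the opt-in policy described above (validate only on DO or AD) next to the conventional opt-out policy (validate unless CD). The function names, the query id and the 1232-byte UDP size are assumptions made for the illustration, and how a resolver treats CD combined with DO or AD is not modelled.

```python
import struct

RD, AD, CD = 0x0100, 0x0020, 0x0010  # DNS header flag bits
DO = 0x8000          # "DNSSEC OK" bit in the EDNS flags (low 16 bits of the OPT TTL)
TYPE_OPT = 41

def build_query(name, qtype=1, ad=False, do=False, cd=False, qid=0x1234):
    """Encode a one-question DNS query; qid and the 1232-byte UDP size are sample values."""
    flags = RD | (AD if ad else 0) | (CD if cd else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1 if do else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    wire = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if do:
        # OPT pseudo-RR: root name, TYPE=41, CLASS=UDP size, TTL carries the flags, RDLEN=0
        wire += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, DO, 0)
    return wire

def _skip_name(wire, pos):
    # The queries built above use uncompressed names, so walking the labels is enough.
    while wire[pos]:
        pos += 1 + wire[pos]
    return pos + 1

def query_bits(wire):
    """Return the AD, CD and DO bits of a query in wire format."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(wire, pos) + 4          # skip QTYPE and QCLASS
    do = False
    for _ in range(an + ns + ar):
        pos = _skip_name(wire, pos)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", wire[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == TYPE_OPT:
            do = bool(ttl & DO)
    return {"AD": bool(flags & AD), "CD": bool(flags & CD), "DO": do}

def opt_in_validates(wire):
    # Policy described in the post: validate only when the client sets DO or AD.
    bits = query_bits(wire)
    return bits["AD"] or bits["DO"]

def opt_out_validates(wire):
    # Conventional validating resolver: validate unless the client sets CD.
    return not query_bits(wire)["CD"]
```

A plain query with none of the three bits set is where the two policies differ: the opt-in resolver answers it without validating, the opt-out resolver validates it.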
