Pretty soon we'll have a blacklist of DNS servers that don't support DNSSEC for .gov. =) Frank -----Original Message----- From: Chris Owen [mailto:owenc@hubris.net] Sent: Monday, September 22, 2008 10:02 AM To: NANOG list Subject: Re: hat tip to .gov hostmasters -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sep 22, 2008, at 9:59 AM, Simon Vallet wrote:
On Mon, 22 Sep 2008 10:52:42 -0400 "Jason Frisvold" <xenophage0@gmail.com> wrote:
I'm not much up on DNSSEC, but don't you need to be using a resolver that recognizes DNSSEC in order for this to be useful?
You do -- and last time I checked few native resolvers actually did : glibc doesn't, and I'd be surprised if the Windows resolver does
Chicken, meet egg. I think the point of the original post is that one end or the other has to start things. At least we have one US zone doing something on the server end of things. Chris ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~ A stupidity tax Hubris Communications Inc www.hubris.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Public Key: http://home.hubris.net/owenc/pgpkey.txt Comment: Public Key ID: 0xB513D9DD iEYEARECAAYFAkjXs30ACgkQElUlCLUT2d0SfwCbB8FQ4izN061GoQQMl3fkq+NT ga0AoJnwGG8PfBs5PaziRB6m0NQBuZwc =68dm -----END PGP SIGNATURE-----