On 02/23/10 18:31, Joe Baptista wrote:
Now that OpenDNS the largest provider of public DNS supports DNSCurve
http://twitter.com/joebaptista/status/9555178362
Would it be possible to include DNScurve support in bind?
thanks
joe baptista
I'd love to see BIND adopt DNScurve...when it becomes an RFC. Until
then, I'd prefer that BIND stick to the existing body of RFCs. If
DNScurve is important enough for the whole Internet to use, then it's
important enough to drag it through the whole IETF process, political as
it may or may not be.
Personally, I think DNScurve misses the mark. My concern, as someone
who operates both authoritative and recursive servers, is that the data
on the authority side be authentic end-to-end. With DNSSEC, I can
validate that that's true.
DNScurve advocates, on the other hand, point out that DNS isn't
encrypted. Well, neither is the phone book. So what? I regard DNS as
a public database, and it's more important to me that it be
authentic--from the source--than obscurified.
While I think the OpenDNS people (especially David U., their founder)
have a huge amount of clue, I think they're barking up the wrong tree here.
michael
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
