Jonathan de Boyne Pollard wrote: > That's also nothing to do with DNSCurve. You weren't making a DNSCurve > query there. You were simply querying, with an ordinary DNS query, a > proxy DNS server that is under someone else's control and getting the > view of the DNS namespace that that someone else chose to give to you. > OpenDNS have "subverted" you (inasmuch as one can call accepting control > of the DNS namespace from people who deliberately hand it over to them > "subversion") entirely without DNSCurve. This is simply the well-known > risk of using other people's proxy servers. There's nothing new here, > and nothing related to DNSCurve here.
I fully understand that this was not a DNSCurve query. My point was that this "ability" of OpenDNS will go away if and when they choose a technology that actually provides end-to-end validation of the DNS query/response in question. Why would OpenDNS adopt a technology that destroys their own business model? They argue against DNSSEC, yet they implement DNSCurve. Interesting... Anyway, this has gone far enough off-topic ("bind-users") that I'm going to curtail my responses here. Feel free to follow up with me directly if you'd like. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users