On Thu, Oct 3, 2013 at 2:54 PM, Paul Wouters <p...@cypherpunks.ca> wrote:
> You are why we can't have nice things :P > > We had enough Sitewinders. With DNSSEC on the endnode, your lies won't > be believed anway. What you are trying is wrong, bad and broken. > > This might be a fair statement in the right context. But it was taken out of context--because I really didn't provide any. Not that I need to justify my question, but since you brought it up, what I am looking to do is decrease the risk of DNS resolution failures resulting from a namespace transition by creating a fallback from the old to the new namespace. For some definite period of time after the change, an NXDOMAIN in the old namespace would result in a synthesized CNAME pointing to the same name in the new namespace. Anyway, there might not be an easy way to to do it, and we might just have to lose our safety net, but I wanted to ask users on the list if there's some obscure configuration that might be helpful. If it's not already clear from my development of DNSSEC helper tools (e.g., DNSViz), I'm an advocate of secure DNS. :) Cheers, Casey
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users