>>>>> "SK" == Simon Kelley <[email protected]> writes:
SK> A valid point, but "every leaf system has to be a recursor" is not a SK> pleasant outcome of widely implementing DNSSEC. >From a security POV, every system needs its own local verifier, and every administrative domain needs its own recursor. Optimally every system will have its own validating recursor. SK> I wonder, do the browser-based validators suffer from this, or are SK> they recursors under the hood? They are full validating recursors. Often using libunbound to do the heavy lifting. -JimC -- James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
