On Thu, 16 Jul 2009, David Conrad wrote:
I am *VERY* happy that DNSSEC is moving along perfectly fine
which will kill any kind of changing DNS results.
DNSSEC doesn't touch anything after the validator. It will have no effect on
the vast majority of Comcast (or other consumer oriented) ISPs' customers.
Fedora 12 is slated to run with a validator on every machine. I would
not be surprised if OSX and Microsoft go in the same direction. And the
reason for that move is precisely because the enduser cannot distinguish
malicious DNS modifications and beneign DNS modifications. So it is
better to accept none.
We are looking at how to resolve the DNS portal issues and non-dnsssec
aware resolvers in the forwarder chain. There are some ideas that need
more attention and thoughts.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
