On Mon, 24 Feb 2014, /dev/rob0 wrote:
Oh yes - DNSSEC. When will it come? In hundred years?
Dirk, do you mind explaining this? Are you having trouble finding
DNSSEC-enabled DNS hosting?
Reading about it for years - always with "Delayed" as main information
(same like for IPv6). But OTOH during my current tests I detected that my
mobile phone dialin provider offered me a nameserver supporting DNSSEC
(whether I'll trust them to verify the entries for me is another matter,
but at least they do). Maybe there really is progress.
I'll again ask my DNS provider for their time-frame. Let's see if there
will be movement this year.
Self-hosting of DNS is not that difficult; in fact I think to set up
and maintain a Postfix MTA is much more challenging than BIND named.
But as with self-hosting mail, you get exposure to attacks and the
need to watch for security issues and patches.
I also run bind, but only for Dyn-DNS service. I'm not ready to risk all
my services with my own DNS server installation - Only non-critical
infrastructure (i.e. NOT the mail servers).
Yep, I think DNSSEC and DANE will cheer you up quite well. :)
Yes, it sounds fine. I'm waiting for it. But since the first time I heard
about DNS based certificate some time is gone and I'm still waiting...
Ciao
--
http://www.dstoecker.eu/ (PGP key available)
