[Unbound-users] unbound 1.4.6 released
Leen Besselink
leen at consolejunkie.net
Tue Aug 3 21:39:54 UTC 2010
On 08/03/2010 04:59 PM, W.C.A. Wijngaards wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Kevin,
>
> On 08/03/2010 03:23 PM, Kevin Chadwick wrote:
>
>> Is it possible to add dnscurve support to the todo list?
>>
> It is currently at the IETF and if that standardization (and fix)
> process is done, then we can consider adding it. Of course we also want
> a lean-and-mean validator for unbound, so no unnecessary features. The
> IETF process can take some time and make changes to the spec, therefore
> the decision is better made at a later date.
>
> The root was just signed with DNSSEC, a week or so ago, so I updated the
> Howto DNSSEC on the unbound website for that earlier today. RFC5011
> tracking of the root anchor is much easier than tracking every
> topleveldomain with cron.
>
>
How about TSIG ? I think it can be used (if an stub-resolver like ldns
implements it) to secure 'the last mile'.
__
Did you also see this idea by Dan Kaminsky ? I thought it was pretty smart.
It takes part of the idea from dnscurve and combines it with DNSSEC to
get faster/more DNSSEC deployment:
http://recursion.com/chain.pdf
> Best regards,
> Wouter
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxYLu8ACgkQkDLqNwOhpPiX4gCgoj92t/iJr1lBIwN7W1I1wQvL
> jHYAnRQUyVJdV+c3/ETsAVl0iH2RA9NQ
> =NYMP
> -----END PGP SIGNATURE-----
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
>
More information about the Unbound-users
mailing list