[Unbound-users] Google Public DNS

Marco Davids (SIDN) marco.davids at sidn.nl
Wed Mar 20 06:49:42 UTC 2013


Hi,

I suppose many of us read Google's announcement yesterday:

 
http://googleonlinesecurity.blogspot.nl/2013/03/google-public-dns-now-supports-dnssec.html

Now, Google Public DNS only validates when either the DO-bit or,
according to RFC6840, the AD-bit is set in the query.

  https://developers.google.com/speed/public-dns/faq#dnssec

Validation upon request, instead of ignoring validation by means of the
CD-bit, so to speak.

In a way, I kind of like the idea. As for some environments -such as the
one at Google- it might (for now) be a good alternative.It sort of
adheres to the idea; "everything stays the same, unless you want it to
be different" (which at the same time may be considered as undesirable...).

Anyway...

I was wondering what the opinions are on this list, regarding the
design-choices of Google. And if this feature is being considered for
Unbound (in addition to the already present ' val-permissive' mode)?

Regards,
--
Marco

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20130320/a7ebe39e/attachment.htm>


More information about the Unbound-users mailing list