[Unbound-users] Google Public DNS
Ondřej Surý
ondrej at sury.org
Wed Mar 20 07:22:58 UTC 2013
The question to answer is: How many stub resolvers do set the DO/AD flag or even allow setting it? So this doesn't make much sense to me to implement in Unbound too, since I consider this practically useless.
Ondřej Surý
On 20. 3. 2013, at 7:49, "Marco Davids (SIDN)" <marco.davids at sidn.nl> wrote:
> Hi,
>
> I suppose many of us read Google's announcement yesterday:
>
> http://googleonlinesecurity.blogspot.nl/2013/03/google-public-dns-now-supports-dnssec.html
>
> Now, Google Public DNS only validates when either the DO-bit or, according to RFC6840, the AD-bit is set in the query.
>
> https://developers.google.com/speed/public-dns/faq#dnssec
>
> Validation upon request, instead of ignoring validation by means of the CD-bit, so to speak.
>
> In a way, I kind of like the idea. As for some environments -such as the one at Google- it might (for now) be a good alternative. It sort of adheres to the idea; "everything stays the same, unless you want it to be different" (which at the same time may be considered as undesirable...).
>
> Anyway...
>
> I was wondering what the opinions are on this list, regarding the design-choices of Google. And if this feature is being considered for Unbound (in addition to the already present 'val-permissive' mode)?
>
> Regards,
> --
> Marco
>
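The DO and AD bits discussed in this thread, shown at wire level, as an added example that is not part of the original messages: it builds a DNS query with or without those bits and reads them back the way a resolver applying the validate-on-request policy described above would. The function names, query ID, query name and EDNS payload size are constructed for illustration.

```python
import struct

AD, CD, RD = 0x0020, 0x0010, 0x0100   # DNS header flag bits
DO = 0x8000                            # top bit of the EDNS0 flags (RFC 3225)
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234, ad=False, do=False, cd=False):
    """Build an A query; qid and the 1232-byte payload size are constructed values."""
    flags = RD | (AD if ad else 0) | (CD if cd else 0)
    msg = struct.pack("!6H", qid, flags, 1, 0, 0, 1 if do else 0)
    msg += encode_name(name) + struct.pack("!2H", TYPE_A, CLASS_IN)
    if do:
        # OPT pseudo-RR: root name, type 41, class = UDP payload size,
        # TTL field = extended RCODE | version | flags (DO is the top flag bit)
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, DO, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:    # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def query_bits(msg):
    """Extract AD, CD and DO from a query, as the receiving resolver sees them."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name, then QTYPE and QCLASS
    do = False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            do = bool(ttl & DO)
    bits = {"AD": bool(flags & AD), "DO": do, "CD": bool(flags & CD)}
    # Policy as described in the thread: validate only if DO or AD is set.
    bits["validation_requested"] = bits["AD"] or bits["DO"]
    return bits
```

A plain query from a stub resolver that sets neither bit yields `validation_requested` as false, which is the case the reply above is concerned with.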