"security-aware-resolver" virtual package (Was: Two new DNS virtual packages (authoritative-name-server & recursive-name-server))
Hi James,
since the authoritative-name-server idea was rejected by the list, I was
going to propose alternative:
security-aware-resolver
The definition from RFC4033:
Security-Aware Resolver: An entity acting in the role of a resolver
(defined in section 2.4 of [RFC1034]) that understands the DNS
security extensions defined in this document set. In particular,
a security-aware resolver is an entity that sends DNS queries,
receives DNS responses, supports the EDNS0 ([RFC2671]) message
size extension and the DO bit ([RFC3225]), and is capable of using
the RR types and message header bits defined in this document set
to provide DNSSEC services.
O.
--
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
On Thu, Oct 24, 2013, at 1:51, James Cloos wrote:
> As a side note to this discussion, more interesting than a list of
> all resolvers would be a list of /verifying/ resolvers.
>
> An easy way to find all packaged verifying resolvers, to choose one
> for local installation would help many users.
>
> And an easy way to depend on a local verifier would help both devs
> packaging 'ware which wants verified dns lookups and those reading
> though package deps. (Where deps includes recommends and suggests.)
>
> And a local /verifier/ is generally a more important requirement
> than just a local resolver.
>
> -JimC
> --
> James Cloos <cloos@jhcloos.com> OpenPGP: 1024D/ED7DAEA6
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: [🔎] m3vc0nk0km.fsf@carbon.jhcloos.org">http://lists.debian.org/[🔎] m3vc0nk0km.fsf@carbon.jhcloos.org
>
Reply to: