[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

"security-aware-resolver" virtual package (Was: Two new DNS virtual packages (authoritative-name-server & recursive-name-server))



Hi James,

since the authoritative-name-server idea was rejected by the list, I was
going to propose alternative:

security-aware-resolver

The definition from RFC4033:

   Security-Aware Resolver: An entity acting in the role of a resolver
      (defined in section 2.4 of [RFC1034]) that understands the DNS
      security extensions defined in this document set.  In particular,
      a security-aware resolver is an entity that sends DNS queries,
      receives DNS responses, supports the EDNS0 ([RFC2671]) message
      size extension and the DO bit ([RFC3225]), and is capable of using
      the RR types and message header bits defined in this document set
      to provide DNSSEC services.

O.
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

On Thu, Oct 24, 2013, at 1:51, James Cloos wrote:
> As a side note to this discussion, more interesting than a list of
> all resolvers would be a list of /verifying/ resolvers.
> 
> An easy way to find all packaged verifying resolvers, to choose one
> for local installation would help many users.
> 
> And an easy way to depend on a local verifier would help both devs
> packaging 'ware which wants verified dns lookups and those reading
> though package deps.  (Where deps includes recommends and suggests.)
> 
> And a local /verifier/ is generally a more important requirement
> than just a local resolver.
> 
> -JimC
> -- 
> James Cloos <cloos@jhcloos.com>         OpenPGP: 1024D/ED7DAEA6
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: m3vc0nk0km.fsf@carbon.jhcloos.org">http://lists.debian.org/m3vc0nk0km.fsf@carbon.jhcloos.org
> 


Reply to: