
Re: Jessie release goal: DNSSEC as default recursive resolver

> If I'm not mistaken (please correct me), Fedora has the feature, and
> it's been a long time they do. FreeBSD as well (they have unbound in the
> default installer). OpenBSD also removed bind and switched to unbound
> (or at least is planning on doing it, I'm not sure). Debian shouldn't be
> left behind.

OpenBSD has its own resolver with a TCP-only option, unbound is in base
as a default off cache option due to the decision that bind's upstream
was making some odd decisions, bad coding and creating work and nsd was
saner in the vast majority of cases anyway.

I believe the reliability (DoS) issues that DNSSEC imposes coupled with
the low level of adoption would make it very unlikely that DNSSEC would
be enabled for certainly default resolving on OpenBSD without DNSCurve
protection or some significant DNSSEC re-development.


'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
