Re: Jessie release goal: DNSSEC as default recursive resolver
On 10/27/2013 01:52 AM, Ondřej Surý wrote:
> I still think that the Debian should be a technology leader.
> Conservative, but technology leader. And DNSSEC adoption would help the
> Also the DSA has already enabled DANE (DNSSEC validated TLS certs) on
> Debian's MTAs, the postfix 2.11 will have DANE support.
> I think this goal is very reasonable and I thank Thomas for proposing
A release goal with nobody working on it would be pointless. Since you
are involved in packaging DNS software in Debian, do you think you would
have time to work on that? How about the other package maintainers? Not
trying to put pressure on you, since I know you do a lot for Debian
already (including maintaining php, among other stuff...).
On 10/27/2013 02:57 AM, Marco d'Itri wrote:
> On Oct 26, Thomas Goirand <firstname.lastname@example.org> wrote:
>> I'd find it very nice if we had, by default, DNSSEC resolving in
>> Debian, at least in the "default" configuration (whatever that
>> means). By this,
> I agree with the general principle, but I do not think that a
> recursive resolver should be installed by default on every system.
> This would violate a lot of reasonable expectations...
Like what expectation?
I don't mind if we don't have a recursive resolver installed by default
on every system, if we have DNSSEC in another way. If that another way
is possible, could you tell how?