Re: Jessie release goal: DNSSEC as default recursive resolver
On Sat, Oct 26, 2013 at 08:57:54PM +0200, Marco d'Itri wrote:
> On Oct 26, Thomas Goirand <firstname.lastname@example.org> wrote:
> > I'd find it very nice if we had, by default, DNSSEC resolving in Debian,
> > at least in the "default" configuration (whatever that means). By this,
> I agree with the general principle, but I do not think that a recursive
> resolver should be installed by default on every system. This would
> violate a lot of reasonable expectations...
How would you do "secure" DNSSEC resolution without a recursive
resolver? Right now there is no possibility to ask the resolver for all
security related records beginning from . to check it yourself.
Youth doesn't excuse everything.
-- Dr. Janice Lester (in Kirk's body), "Turnabout Intruder",