Re: Jessie release goal: DNSSEC as default recursive resolver

To: debian-devel@lists.debian.org
Subject: Re: Jessie release goal: DNSSEC as default recursive resolver
From: Bastian Blank <waldi@debian.org>
Date: Sun, 27 Oct 2013 16:16:11 +0100
Message-id: <[🔎] 20131027151611.GA13181@mail.waldi.eu.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20131026185754.GA8561@bongo.bofh.it>
References: <[🔎] 526BE8E3.9000109@debian.org> <[🔎] 20131026185754.GA8561@bongo.bofh.it>

On Sat, Oct 26, 2013 at 08:57:54PM +0200, Marco d'Itri wrote:
> On Oct 26, Thomas Goirand <zigo@debian.org> wrote:
> > I'd find it very nice if we had, by default, DNSSEC resolving in Debian,
> > at least in the "default" configuration (whatever that means). By this,
> I agree with the general principle, but I do not think that a recursive 
> resolver should be installed by default on every system. This would 
> violate a lot of reasonable expectations...

How would you do "secure" DNSSEC resolution without a recursive
resolver?  Right now there is no possibility to ask the resolver for all
security related records beginning from . to check it yourself.

Bastian

-- 
Youth doesn't excuse everything.
		-- Dr. Janice Lester (in Kirk's body), "Turnabout Intruder",
		   stardate 5928.5.

Reply to:

References:
- Jessie release goal: DNSSEC as default recursive resolver
  - From: Thomas Goirand <zigo@debian.org>
- Re: Jessie release goal: DNSSEC as default recursive resolver
  - From: md@Linux.IT (Marco d'Itri)

Prev by Date: Re: on bootstrapping ports (was: Re: Bits from the Release Team (Jessie freeze info))
Next by Date: Bug#728016: ITP: node-send -- Static file server with ranges and negotiation support for Node.js
Previous by thread: Re: Jessie release goal: DNSSEC as default recursive resolver
Next by thread: Pro-Action against dependency hell
Index(es):
- Date
- Thread