[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "security-aware-resolver" virtual package (Was: Two new DNS virtual packages (authoritative-name-server & recursive-name-server))

Ondřej Surý writes (""security-aware-resolver" virtual package (Was: Two new DNS virtual packages (authoritative-name-server & recursive-name-server))"):
> since the authoritative-name-server idea was rejected by the list, I was
> going to propose alternative:
> security-aware-resolver
> The definition from RFC4033:
>    Security-Aware Resolver: An entity acting in the role of a resolver
>       (defined in section 2.4 of [RFC1034]) that understands the DNS
>       security extensions defined in this document set.  In particular,
>       a security-aware resolver is an entity that sends DNS queries,
>       receives DNS responses, supports the EDNS0 ([RFC2671]) message
>       size extension and the DO bit ([RFC3225]), and is capable of using
>       the RR types and message header bits defined in this document set
>       to provide DNSSEC services.

This is a nice idea in principle but I wonder whether there are in
fact any current packages out there that would find this useful as a
dependency ?

What packages depend (or will depend) on the services of a
security-asware resolver, and will therefore refer to the proposed
virtual package name ?

I think TBH that this is also a concern for the proposed recursive
resolver virtual package.  Pretty much everything network-related
expects that there is a working resolver, but we don't generally
declare this using the dependency system.  What existing dependency
relationships would be supplanted or extended by the new virtual
package name ?


Reply to: