Re: "security-aware-resolver" virtual package (Was: Two new DNS virtual packages (authoritative-name-server & recursive-name-server))
Ondřej Surý writes (""security-aware-resolver" virtual package (Was: Two new DNS virtual packages (authoritative-name-server & recursive-name-server))"):
> since the authoritative-name-server idea was rejected by the list, I was
> going to propose alternative:
>
> security-aware-resolver
>
> The definition from RFC4033:
>
> Security-Aware Resolver: An entity acting in the role of a resolver
> (defined in section 2.4 of [RFC1034]) that understands the DNS
> security extensions defined in this document set. In particular,
> a security-aware resolver is an entity that sends DNS queries,
> receives DNS responses, supports the EDNS0 ([RFC2671]) message
> size extension and the DO bit ([RFC3225]), and is capable of using
> the RR types and message header bits defined in this document set
> to provide DNSSEC services.
This is a nice idea in principle but I wonder whether there are in
fact any current packages out there that would find this useful as a
dependency ?
What packages depend (or will depend) on the services of a
security-asware resolver, and will therefore refer to the proposed
virtual package name ?
I think TBH that this is also a concern for the proposed recursive
resolver virtual package. Pretty much everything network-related
expects that there is a working resolver, but we don't generally
declare this using the dependency system. What existing dependency
relationships would be supplanted or extended by the new virtual
package name ?
Ian.
Reply to: