Maintained by: NLnet Labs

[Unbound-users] unbound 1.4.6 released

Leen Besselink
Tue Aug 3 23:39:54 CEST 2010


On 08/03/2010 04:59 PM, W.C.A. Wijngaards wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Kevin,
>
> On 08/03/2010 03:23 PM, Kevin Chadwick wrote:
>    
>> Is it possible to add dnscurve support to the todo list?
>>      
> It is currently at the IETF and if that standardization (and fix)
> process is done, then we can consider adding it.  Of course we also want
> a lean-and-mean validator for unbound, so no unnecessary features.  The
> IETF process can take some time and make changes to the spec, therefore
> the decision is better made at a later date.
>
> The root was just signed with DNSSEC, a week or so ago, so I updated the
> Howto DNSSEC on the unbound website for that earlier today.  RFC5011
> tracking of the root anchor is much easier than tracking every
> topleveldomain with cron.
>
>    

How about TSIG ? I think it can be used (if an stub-resolver like ldns 
implements it) to secure 'the last mile'.

__

Did you also see this idea by Dan Kaminsky ? I thought it was pretty smart.

It takes part of the idea from dnscurve and combines it with DNSSEC to 
get faster/more DNSSEC deployment:

http://recursion.com/chain.pdf

> Best regards,
>     Wouter
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxYLu8ACgkQkDLqNwOhpPiX4gCgoj92t/iJr1lBIwN7W1I1wQvL
> jHYAnRQUyVJdV+c3/ETsAVl0iH2RA9NQ
> =NYMP
> -----END PGP SIGNATURE-----
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
>