Maintained by: NLnet Labs

[Unbound-users] unbound 1.4.6 released

Paul Wouters
Wed Aug 4 16:12:15 CEST 2010

On Wed, 4 Aug 2010, Felix Schueren wrote:

>> That argument, even though it makes sense, seems somewhat inconsistent
>> with an earlier decision to implement draft-vixie-dnsext-dns0x20-00 in
>> Unbound. I liked playing with the 0x20 feature though, so at least I for
>> one was was happy that you implemented it as an option. I suppose I
>> could be equally happy with fiddling around with DNScurve a bit. A
>> '--with-dnscurve' configure-option would work just fine for me (will
>> keep things leand and mean for others). So as far as I am concerned, the
>> 'IETF standardization'-argument doesn't necessarily has to be a
>> showstopper here.
> seconded. dnscurve is a great concept, I'd love to play with it.

We can have the discussion again why dnscurve can be a disaster on the
caching infrastructure of the net. There are many important reasons why
a lot of DNS developers do not like or want dnscurve. Why should they
implement it? DNS developers have been at the IETF for decades. There
is a reason why the end result of many bright minds was DNSSEC, not dnscurve.

People advocating dnscurve are loud. However, the manta is "concensus
and running code". Having a draft gives you some kind on concensus. You
still need to make running code. And even then, you would need to think
about operational issues. You can't take the Bernstein approach of
"I'll do whatever the hell I want" or "I don't work around operating
system bugs" if you want more then 2 people running the code.