> FYI - EO 14144 has the following provision related to encrypting DNS:
>
> (c) Encrypting Domain Name System (DNS) traffic in transit is a critical
> step to protecting both the confidentiality of the information being
> transmitted to, and the integrity of the communication with, the DNS
> resolver.
>
> (i) Within 90 days of the date of this order, the Secretary of
> Homeland Security, acting through the Director of CISA, shall publish
> template contract language requiring that any product that acts as a DNS
> resolver (whether client or server) for the Federal Government support
> encrypted DNS and shall recommend that language to the FAR Council.
> Within 120 days of receiving the recommended language, the FAR Council
> shall review it, and, as appropriate and consistent with applicable law,
> the agency members of the FAR Council shall jointly take steps to amend
> the FAR.
>
> (ii) Within 180 days of the date of this order, FCEB agencies
> shall enable encrypted DNS protocols wherever their existing clients and
> servers support those protocols. FCEB agencies shall also enable such
> protocols within 180 days of any additional clients and servers
> supporting such protocols.
> ....

Disclaimer: not really a DNS expert.

What is this referring to, DNSSEC? AFAIK it is just signing traffic, no? What is the point of encrypting data with the current implementation of certificates? Even Google does not trust CAs with its certificate pinning.

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org