US Federal civilian agencies have been required to do DNSSEC validation for over ten years.
On Mon, Jan 27, 2025 at 7:42 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 1/27/25 07:02, Carlos Horowicz via bind-users wrote: > > IMHO this has nothing to do with DNSSEC, > > HEAVYsigh > > Why do things seem to focus on the encryption of DNS traffic and ignore > authentication of the information? > > I'm sure that all of us are aware that it's perfectly possible for a DoT > / DoH server to send bogus information through the encryption. > > In some ways, advocating for encryption without authentication is akin > to advocating for self-signed TLS certificates for web-sites. Anybody > can monkey in the middle the traffic if they want to. > > I've not read any of the cited articles yet, but I assume DNS w/ DNSSEC > through VPN isn't mentioned. > > > > -- > Grant. . . . > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
