Hi, I'd find it very nice if we had, by default, DNSSEC resolving in Debian, at least in the "default" configuration (whatever that means). By this, I mean that any non-experienced user would just install (or upgrade to) Jessie, start a web browser (Chormium, Iceweasel, etc.: take your pick...), and have DNSSEC resolving just working. Of course, we'd have this also for non-browser applications as a consequence if it's implemented (I'm thinking about stuff like curl, wget), though to me, the browser part is the most important.
If this means installing a recursive DNS resolver by default (unbound pops to my mind, since it has the feature by default), I'd say be it, though probably that is more of an open question, and an implementation details. I personally wouldn't mind at all if the Debian default configuration would by-pass whatever ISP are providing, since we've seen this broken in multiple cases (so many that I don't think it's even necessary to use an example to illustrate that fact here...). If I'm not mistaking (please correct me), Fedora has the feature, and it's been a long time they do. FreeBSD as well (they have unbound in the default installer). OpenBSD also removed bind and switched to unbound (or at least is planning on doing it, I'm not sure). Debian shouldn't be left behind. Probably this is too narrow for a release goal, or it is too late to raise this topic, though I would find it very nice if we had the feature, which is why I'm raising this topic. Thoughts welcome. Thomas Goirand (zigo) P.S: I wont have time to get involve in this, though I don't think that there is so much work involved, is it? -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/526be8e3.9000...@debian.org
