On Tue, Jun 12, 2012 at 03:32:56AM +0000, Vernon Schryver <v...@rhyolite.com> wrote a message of 76 lines which said:
> Joe and Joan should be using their ISP's validating, load balancing, > well (or at least somewhat) maintained DNS servers, just as they > should be using their ISP's SMTP systems. A strong NO here. Politically, it would be a big nail in Net Neutrality's coffin. Also, many ISP have lying resolvers and customers should NOT use them. From a security perspective, it would be catastrophic since the last mile is not secured, so the only safe way to run DNSSEC is to validate locally (which requires access to port 53 if the ISP resolver is lying). I leave these proposals to MAAWG and the Chinese government. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs