On 3 Oct 2012, at 02:42, Vernon Schryver wrote:
Why not get rid of stub resolvers completely and simply use
recursive resolvers?
I think the code to parse the BIND9 configuration grammar and nothing
more would be excessive and grotesque. The code to support all of
that stuff would be obscene.
The code for BIND9's config file goop is not so bad compared to other
parts of its internals: it's about the same size as validator.c (which
has no crypto code) for instance.
Of course, if the only available code for your situation is BIND, then
you could use BIND with a tiny configuration file.
Yeah. It should even be possible to have a validating resolver using
automatic rollover for the One True Trust Anchor without any config
file at all. IIRC, that's pretty much what the almost ignored lwresd
does. Though please don't assume I want to exhume lwresd. :-)
The package would be smaller than current Firefox binaries that send
me running and screaming in horror.
I'm sure someone, somewhere is working on a DNS server that is every
bit as scary as that bloated train wreck.
PS: I changed the Subject: header since we're no longer discussing
attacks on Brazil's DNS.
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations