On Fri, Aug 15, 2008 at 4:51 PM, Paul Hoffman <[EMAIL PROTECTED]> wrote:

> security layers are good. If we don't give those people the right tools to
> properly configure and properly maintain those configurations, there will be
> stability issues, as I listed earlier.


Let me tell you something.  All this DNSSEC FUD has been very very good for
DNS consultants.  One thing I make clear to the client base is that DNSSEC
is just more bad patching on top of more bad patching.  The BIND boys are
patching freaks and have yet to build a BIND version that is stable.

My advice to them is to watch the developments in DNSSEC and not believe
everything they read.  The solution I like implementing instead of DNSSEC is
an IPS monitoring the resolver.  And of course making sure their resolvers
don't act as authoritative primaries or secondaries.

One thing's for sure - many businesses are going to end up paying big bucks
to protect themselves and even bigger bucks to deploy the DNSSEC patch.  The
BIND boys are marketing gurus.

cheers
joe baptista



-- 
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
