On Sat, 25 Apr 2009, Ted Lemon wrote:

> I think it's important to consider what's good enough. Right now, for instance, we all use ssh professionally to get work done. How many of us arrange to get the host key out of band?

You're not using RFC 4255 yet? Shame on you!

It's not that difficult, just use:

sshfp -a -s -d xelerance.com @ns0.xelerance.net >> /var/named/xelerance.com

and re-sign your zone.

And then you might need to enable VerifyHostKeyDNS in your ssh client options
if it is not enabled in /etc/ssh/ssh_config.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
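
The record such a tool publishes, and the comparison a client with VerifyHostKeyDNS makes, as an added example that is not part of the original message and not the sshfp tool's own code. The owner name host.example., the function names and the sample keys are constructed for illustration; algorithm numbers 3 and 4 and fingerprint type 2 come from RFCs later than RFC 4255, so the sketch goes slightly beyond the RFC named above. A match is only meaningful when the DNS answer was DNSSEC-validated.

```python
import base64, hashlib, struct

# SSHFP algorithm numbers: 1 and 2 are from RFC 4255; 3 and 4 were added later.
ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
# Fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (added later).
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_record(owner, pubkey_line, fp_type=1):
    """Return the SSHFP RR text for one line of an OpenSSH public key file."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    # The blob starts with a length-prefixed copy of the key type; reject a mismatch.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    if key_type not in ALGS:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    # The fingerprint is a digest over the whole public key blob.
    digest = FP_TYPES[fp_type](blob).hexdigest()
    return f"{owner} IN SSHFP {ALGS[key_type]} {fp_type} {digest}"


def host_key_matches(rr_text, pubkey_line):
    """Compare a published SSHFP RR with the key a server presented."""
    owner, _cls, _rr, alg, fp_type, digest = rr_text.split()
    expected = sshfp_record(owner, pubkey_line, int(fp_type))
    return expected.split()[3:] == [alg, fp_type, digest.lower()]


def constructed_key(key_type, fill):
    """Build a correctly framed but fake public key line (constructed sample)."""
    name, body = key_type.encode(), bytes([fill]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(body)) + body
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"


if __name__ == "__main__":
    good = constructed_key("ssh-ed25519", 0x11)   # key the admin published
    other = constructed_key("ssh-ed25519", 0x22)  # different key, same name
    rr = sshfp_record("host.example.", good)
    print(rr)
    print(host_key_matches(rr, good), host_key_matches(rr, other))
```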
