Subject: Re: [DNSOP] Fundamental ANAME problems Date: Fri, Nov 02, 2018 at
04:03:50PM +0800 Quoting John R Levine (jo...@taugh.com):
I'll defer to other people, but it seems to me that anything that depends on
recursive DNS servers being updated isn't a realistic solution. We're still
waiting for DNSSEC, after all.
Be as pessimistic as you like, but in Sweden, more than 80% of the ISP
resolvers validate. The DNS can change, at a sometimes glacial speed,
but it does change.
Sure, but DNSSEC addresses a huge security problem, and it's taken a
decade to get fairly wide adoption. ANAME basically works around a
configuration mistake. If we can't solve it in the servers with the
configuration problems, it's not worth solving.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
