On Tue, Apr 27, 2021 at 12:34 PM Eric Germann via NANOG <nanog@nanog.org> wrote:
> Does anyone have a pointer to a good resource for current best practices > for deployment of DNSSEC, preferably newer than RFC6781? > > What algorithms do you typically sign with (RSASHA256, ECDSAP256SHA256, > both, something other)? > > Feel free to little r me off list if you wish > Probably best not to deploy it since it does not solve any practical problems, yet makes huge ddos possible via dns reflection attacks. > — > Eric Germann > ekgermann (at) semperen.com > LinkedIn: https://www.linkedin.com/in/ericgermann > > GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 > > > > > >
