[dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Stephane Bortzmeyer
A new edition of the DNS security guide by ANSSI (French cybersecurity agency) recommends to prefer delegations with glue because glueless delegations "may carry additional risks since they create a dependency". Is there any other "best practices" text which makes such a recommendation? http://www

Re: [dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Patrik Fältström
On 4 May 2015, at 9:11, Stephane Bortzmeyer wrote: > A new edition of the DNS security guide by ANSSI (French cybersecurity > agency) recommends to prefer delegations with glue because glueless > delegations "may carry additional risks since they create a > dependency". Is there any other "best

Re: [dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Paul Vixie
Stephane Bortzmeyer wrote: > A new edition of the DNS security guide by ANSSI (French cybersecurity > agency) recommends to prefer delegations with glue because glueless > delegations "may carry additional risks since they create a > dependency". ... if we're voting, i agree with this recommenda

Re: [dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Anand Buddhdev
On 04/05/15 09:11, Stephane Bortzmeyer wrote: Bonjour Stéphane, > A new edition of the DNS security guide by ANSSI (French cybersecurity > agency) recommends to prefer delegations with glue because glueless > delegations "may carry additional risks since they create a > dependency". Is there any

Re: [dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Peter Koch
On Mon, May 04, 2015 at 09:11:28AM +0200, Stephane Bortzmeyer wrote: > agency) recommends to prefer delegations with glue because glueless > delegations "may carry additional risks since they create a > dependency". Is there any other "best practices" text which makes such > a recommendation? > >

Re: [dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Niall O'Reilly
On Mon, 04 May 2015 09:51:38 +0100, Peter Koch wrote: [...] > > More importantly, while DNSSEC is mentioned in the paper, I do not see, > maybe due to lack of language skills , DNSSEC being recommended as explicitly > as "delegations with glue". That's my reading too. [...] > Getting these

Re: [dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Edward Lewis
On 5/4/15, 3:11, "Stephane Bortzmeyer" wrote: >A new edition of the DNS security guide by ANSSI (French cybersecurity >agency) recommends to prefer delegations with glue because glueless >delegations "may carry additional risks since they create a >dependency". Is there any other "best practices"

Re: [dns-operations] [Security] Glue or not glue?

2015-05-04 Thread Keith Mitchell
On 05/04/2015 04:51 AM, Peter Koch wrote: > On Mon, May 04, 2015 at 09:11:28AM +0200, Stephane Bortzmeyer wrote: >> http://www.ssi.gouv.fr/entreprise/guide/bonnes-pratiques-pour-lacquisition-et-lexploitation-de-noms-de-domaine/ >> (in french only) > Getting these recommendations straight is not a