[dnssec-deployment] dot MUSEUM implemented DNSSEC
paul at xelerance.com
Mon Sep 22 10:57:13 EDT 2008
On Mon, 22 Sep 2008, Olaf Kolkman wrote:
> I hope that I understand Mats point. Allow me to rephrase it:
> If you do a delegation wrong you create some lameness, and the DNS can cope
> with that. If you do the DS wrong then you immediately impact the secure
> With plain old DNS you need to shoot at least twice to shoot yourself in the
> feet. With DNSSEC you only need one shot to do serious damage.
That's all relative. I only have to put one wrong IP in the master zone
to do serious damage too. Or one misisng semi-colon in named.conf.
More information about the Dnssec-deployment