[dnssec-deployment] dot MUSEUM implemented DNSSEC

Paul Wouters paul at xelerance.com
Mon Sep 22 10:57:13 EDT 2008


On Mon, 22 Sep 2008, Olaf Kolkman wrote:

> I hope that I understand Mats point. Allow me to rephrase it:
>
> If you do a delegation wrong you create some lameness, and the DNS can cope 
> with that. If you do the DS wrong then you immediately impact the secure 
> zones.
>
> With plain old DNS you need to shoot at least twice to shoot yourself in the 
> feet. With DNSSEC you only need one shot to do serious damage.

That's all relative. I only have to put one wrong IP in the master zone
to do serious damage too. Or one misisng semi-colon in named.conf.

Paul



More information about the Dnssec-deployment mailing list