[Dnssec-deployment] DNSSEC aware recursive name servers
suruti94 at gmail.com
Sat Aug 6 17:31:17 EDT 2011
On Aug 6, 2011, at 1:19 PM, Patrik Fältström <paf at cisco.com> wrote:
> On 6 aug 2011, at 19.31, Mohan Parthasarathy wrote:
>> But the security requirements are different in the two cases. If it is
>> running on a different host, don't we have the same problem again ?
> Today we have _two_ problems. For the querying DNS resolver to know whether an upstream resolver did validate or not (and what the result is) and secondly to secure the communication between the two resolvers.
Securing the communication between resolvers is not easy and that problem goes away when we have a local validating resolver which is what I think is a feasible solution.
More information about the Dnssec-deployment