[Dnssec-deployment] DNSSEC aware recursive name servers
daniel at digsys.bg
Wed Aug 10 04:03:29 EDT 2011
On 09.08.11 22:16, Tony Finch wrote:
> Andrew Sullivan <ajs at shinkuro.com> wrote:
>> That's the one I was thinking about. Surely as soon as we have a
>> protocol for selecting a DNS server, it's a short hop from that to,
>> "Prefer the one that works reliably," where "reliably" is defined
>> according to local preferences.
> Surely the wireless access point with broken DNS will send a DHCP option
> telling clients to use its broken DNS because its local preference says it
> "works reliably".

I very much hope "local preference" will reflect the desire of the device
owner, not the desire of the network operator.

The Internet became successful because intelligence moved to the end
systems and the network was not expected to be smart. Ever since then,
everybody is trying to put more intelligence in the network, perhaps
because of desires for more control etc.

I can imagine the end node running a few DNS tests to verify if "DNS
works reliably" with a certain server, much like Windows would test if
you have "Internet connectivity". Then, vendors will simply make sure
their system responds correctly to those particular queries and fake