[Dnssec-deployment] DNSSEC for IPv4 multicast addresses
Tony Finch
dot at dotat.at
Thu Jul 7 13:48:47 EDT 2011
Edward Lewis <Ed.Lewis at neustar.biz> wrote:
>
> E.g., root->tld.(signed)->enterprise.tld.(signed) for the internet but inside
> my enterprise net I want enterprise.tld. to be unsigned. (Because I'm running
> something that dynamically adds to the DNS that is not DNSSEC capable.)
Don't do that :-)
> As Peter writes: "or you teach the resolver that 239/8 is provably insecure" -
> can this be done in tools today?
Yes with unbound, not with bind.
> If you can't I'd say making it provably insecure would be preferrable.
Which is I think what Chris meant to imply.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Hebrides, Bailey, Fair Isle, Faeroes, South-east Iceland: Easterly or
northeasterly, backing northerly or northeasterly in Hebrides and Bailey, 4 or
5, increasing 6 at times. Moderate, occasionally rough. Occasional rain or
showers, fog patches. Moderate or good, occasionally very poor.
More information about the Dnssec-deployment
mailing list