[Dnssec-deployment] DLV - it's not just for hostnames.

David Conrad drc at virtualized.org
Tue Jun 14 13:28:15 EDT 2011


On Jun 14, 2011, at 9:19 AM, Edward Lewis wrote:
> I'm distracted by all of the "player-hating" DLV is getting, once again, simply for existing.  

"Player-hating"? I would have the same (in fact, probably more) concerns if it was someone other than ISC running DLV.

> What's wrong with live-and-let-live and leave it up to cache operators to make their decisions and learn their lessons?

It appears to be shipping in default configurations of some operating systems. Yes, that's not <resolver vendor's> or <DLV operator's> fault, however its existence does increase the cruft in the infrastructure and gives registries/registars a way to tell their customers who want DNSSEC that an alternative exists to them (the registry/registrar) properly supporting DNSSEC. I see both of these as ungood, but I gather others don't share those concerns hence I'll cease tilting at this particular windmill.


More information about the Dnssec-deployment mailing list