On Thu, Aug 07, 2008 at 05:18:28PM +0000, Paul Vixie wrote:
> any solution requiring cooperative action/change by both the RDNS and ADNS
> has a cost that's equivilent to "deploy DNSSEC". the thing that's good


That's simply not true - DNSSEC does not function automatically even if both
ADNS and RDNS support it.

DNSSEC needs a change to:
ADNS,
RDNS,
the zone,
the registry,
the registrar,
and even the operational procedures of domain owner.
(the stub, the application - if you want to give the end-user a
choice)

EDNS PING or other entropy enhancing solutions provide benefit to anybody
deploying them, without further work, and require only ADNS and RDNS work.

DNSSEC provides lots of other things beyond entropy of course.

Bert

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: