On 16 mrt 2008, at 2:16, Mark Andrews wrote:
Enable DNSSEC validation on the network's servers. At a
minimum make them DNSSEC transparent.
Is there any software out there for common OSes that does something
useful with this?
Yes. It is also useful in its own right by protecting the
down stream clients.
Note: DNSSEC validation in the recursive resolver is stage 1
of DNSSEC deployment.
A more interesting experiment would be to do away with SSL for a bit
and use IPsec instead. But I think we're far from being finished with
IPv6. Nearly all IETF mailinglists are still hosted on IPv4-only
servers, to name just one issue.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
IETF mailing list