In message <20081126175013(_dot_)94E2828C161(_at_)core3(_dot_)amsl(_dot_)com>,
Russ Housley writes:
I have been approached about a plenary experiment regarding
DNSSEC. The idea is for everyone to try using DNSSEC-enabled clients
during the plenary session. I like the idea. What do others think?
Russ
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
The first thing we should address is the lack of signed
zones under the control of the IETF.
; <<>> DiG 9.3.5-P2 <<>> dnskey ietf.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29574
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ietf.org. IN DNSKEY
;; AUTHORITY SECTION:
ietf.org. 7200 IN SOA ns0.ietf.org. glen.amsl.com.
1200000073 1800 1800 604800 7200
;; Query time: 344 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Nov 27 10:06:43 2008
;; MSG SIZE rcvd: 79
Secondly we should just turn on DNSSEC validation on the
recursive servers offered by DHCP and RAs. This should be
on for the entire week. This is what we are asking ISP's
to do and I see no reason why we shouldn't do the same.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf