Re: Practical issues deploying DNSSEC into the home.

ietf

Re: Practical issues deploying DNSSEC into the home.

2013-09-10 19:17:43



On Wed, 11 Sep 2013, Brian E Carpenter wrote:

On 11/09/2013 09:59, Olafur Gudmundsson wrote:
...

My colleagues and I worked on OpenWrt routers to get Unbound to work there, 
what you need to do is to start DNS up in non-validating mode
wait for NTP to fix time, then check if the link allows DNSSEC answers 
through, at which point you can enable DNSSEC validation.


Hopefully you also flush the DNS cache as soon as NTP runs. Even so,
paranoia suggests that a dodgy IP address might still be cached in
some app.


I think you can avoid that issue by having the device not pass traffic
until the DNSSEC validation is enabled. Only the device needs the special
permissive handling for this to work.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Practical issues deploying DNSSEC into the home., (continued) Re: Practical issues deploying DNSSEC into the home., Michael Richardson Re: Practical issues deploying DNSSEC into the home., Joe Abley Re: Practical issues deploying DNSSEC into the home., Tony Finch Re: Practical issues deploying DNSSEC into the home., Joe Abley Message not available Re: Practical issues deploying DNSSEC into the home., SM Re: Practical issues deploying DNSSEC into the home., Russ Housley Re: Practical issues deploying DNSSEC into the home., Joe Abley Re: Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker Re: Practical issues deploying DNSSEC into the home., Olafur Gudmundsson Re: Practical issues deploying DNSSEC into the home., Brian E Carpenter Re: Practical issues deploying DNSSEC into the home., David Morris <= Re: [DNSOP] Practical issues deploying DNSSEC into the home., Olafur Gudmundsson Re: [DNSOP] Practical issues deploying DNSSEC into the home., Paul Wouters Re: [DNSOP] Practical issues deploying DNSSEC into the home., David Morris Re: Practical issues deploying DNSSEC into the home., Olafur Gudmundsson Re: [DNSOP] Practical issues deploying DNSSEC into the home., Evan Hunt Re: [DNSOP] Practical issues deploying DNSSEC into the home., Olafur Gudmundsson Re: [DNSOP] Practical issues deploying DNSSEC into the home., Nicholas Weaver Re: [DNSOP] Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker Re: [DNSOP] Practical issues deploying DNSSEC into the home., Joe Abley Re: [DNSOP] Practical issues deploying DNSSEC into the home., Paul Wouters

Previous by Date:	Re: not really pgp signing in van, Ted Lemon
Next by Date:	Re: [v6ops] Last Call: <draft-ietf-v6ops-mobile-device-profile-04.txt> (Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devices) to Informational RFC, Abdussalam Baryun
Previous by Thread:	Re: Practical issues deploying DNSSEC into the home., Brian E Carpenter
Next by Thread:	Re: [DNSOP] Practical issues deploying DNSSEC into the home., Olafur Gudmundsson
Indexes:	[Date] [Thread] [Top] [All Lists]