From owner-freebsd-arch Mon Feb 19 10:44:11 2001 Delivered-To: freebsd-arch@freebsd.org Received: from cosmo.jt.org (cosmo.jt.org [206.14.191.190]) by hub.freebsd.org (Postfix) with SMTP id 75CD437B401 for ; Mon, 19 Feb 2001 10:44:09 -0800 (PST) Received: (qmail 98736 invoked by uid 1000); 19 Feb 2001 18:43:38 -0000 Date: Mon, 19 Feb 2001 10:43:38 -0800 From: Dan Peterson To: arch@freebsd.org Subject: Re: DJBDNS vs. BIND Message-ID: <20010219104338.B98114@danp.net> References: <20010219101234.A98114@danp.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from rwatson@freebsd.org on Mon, Feb 19, 2001 at 01:32:08PM -0500 X-PGP-Key: http://danp.net/pubkey.asc Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm on the list. Please direct replies accordingly. Robert Watson wrote: > Hmm. Dynamic DNS sounds like it might be in the IETF standards track, > actually. Please take a look at RFC 3007. That doesn't mean it's not a hack. Would RFC 2317 be around if BIND wasn't? I don't see any RFC's specific to Sendmail's sendmail.cf format (and subsequent "standards track" documents to get around its deficiencies). > Name servers are welcome to implement whatever certification process > they'd like: it doesn't have to include the DNS root, it's welcome to > include peers, etc. Many people are critical of the DNSsec root model, but > you're not forced to use that. If it doesn't start at the roots, what good is it? Sure, you can make sure records within your own zones are "secure," but that's pretty much a given anyway. What about results from recursive queries to the Internet? DNSSEC is meaningless unless it goes from the roots up. -- Dan Peterson http://danp.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message