OpenDNS today announced it has adopted DNSCurve to secure DNS

Michael Sinatra michael at rancid.berkeley.edu
Wed Feb 24 03:28:48 UTC 2010


On 02/23/10 18:31, Joe Baptista wrote:
> Now that OpenDNS the largest provider of public DNS supports DNSCurve
>
> http://twitter.com/joebaptista/status/9555178362
>
> Would it be possible to include DNSCurve support in BIND?
>
> thanks
> joe baptista

I'd love to see BIND adopt DNSCurve...when it becomes an RFC.  Until
then, I'd prefer that BIND stick to the existing body of RFCs.  If
DNSCurve is important enough for the whole Internet to use, then it's
important enough to drag it through the whole IETF process, political as
it may or may not be.

Personally, I think DNSCurve misses the mark.  My concern, as someone
who operates both authoritative and recursive servers, is that the data 
on the authority side be authentic end-to-end.  With DNSSEC, I can 
validate that that's true.

DNSCurve advocates, on the other hand, point out that DNS isn't
encrypted.  Well, neither is the phone book.  So what?  I regard DNS as 
a public database, and it's more important to me that it be 
authentic--from the source--than obscurified.

While I think the OpenDNS people (especially David U., their founder) 
have a huge amount of clue, I think they're barking up the wrong tree here.

michael
