OpenDNS today announced it has adopted DNSCurve to secure DNS
Michael Sinatra
michael at rancid.berkeley.edu
Wed Feb 24 03:28:48 UTC 2010
On 02/23/10 18:31, Joe Baptista wrote:
> Now that OpenDNS the largest provider of public DNS supports DNSCurve
>
> http://twitter.com/joebaptista/status/9555178362
>
> Would it be possible to include DNScurve support in bind?
>
> thanks
> joe baptista

I'd love to see BIND adopt DNScurve...when it becomes an RFC. Until
then, I'd prefer that BIND stick to the existing body of RFCs. If
DNScurve is important enough for the whole Internet to use, then it's
important enough to drag it through the whole IETF process, political as
it may or may not be.

Personally, I think DNScurve misses the mark. My concern, as someone
who operates both authoritative and recursive servers, is that the data
on the authority side be authentic end-to-end. With DNSSEC, I can
validate that that's true.

DNScurve advocates, on the other hand, point out that DNS isn't
encrypted. Well, neither is the phone book. So what? I regard DNS as
a public database, and it's more important to me that it be
authentic--from the source--than obscurified.

While I think the OpenDNS people (especially David U., their founder)
have a huge amount of clue, I think they're barking up the wrong tree here.

michael