OpenDNS today announced it has adopted DNSCurve to secure DNS

Michael Sinatra michael at rancid.berkeley.edu
Wed Feb 24 06:13:40 UTC 2010


On 02/23/10 19:54, Joe Baptista wrote:
> It would be nice to see it as an RFC. I agree with that. But from what I
> know it will be a pretty cold day in hell before it becomes an RFC. I
> humbly suggest Dr. Bernstein who is behind DNScurve thinks the IETF is
> full of wackos. So it is unlikely he will ever be bothered to dance the
> IETF RFC jig.
>
> I do disagree with you that bind should only implement what is in the
> RFC. Lets not forget the IETF has had 15 years to secure the DNS. The
> result is the DNSSEC abortion. It has failed. This announcement today is
> a stiff well deserved kick in the balls to the DNSSEC crowd.
>
> We can not rely on the IETF for security. Commerce and simple common
> sense communications are screaming for security solutions today.
> DNSCurve is perfect and it works out of the box.
>
> Folks. OpenDNS has set the DNS standard. We can start securing the DNS
> with every new dnscurve upgrade to bind. Imagine how much money is being
> spent on the DNSSEC make work project - time and energy wasted.
>
> DNScurve installs - configures and runs. No need for a make work project.
>
> agreed?

As someone who both signs his production zones and does DNSSEC 
validation, I can assure you that DNSSEC works.  But you've done as good 
job as I can imagine in making the case for DNScurve.

michael



More information about the bind-users mailing list