OpenDNS today announced it has adopted DNSCurve to secure DNS

Sam Wilson Sam.Wilson at ed.ac.uk
Wed Feb 24 17:42:06 UTC 2010


In article <mailman.608.1267031100.21153.bind-users at lists.isc.org>,
 Chris Thompson <cet1 at cam.ac.uk> wrote:

> On Feb 24 2010, Evan Hunt wrote:
> 
> >> Thats not the case with DNScurve. Again I stress - over 20 billion
> >> requests per day at OpenDNS are DNScurve compatible. The traffic in
> >> DNSSEC is chicken feed compared to DNScurve.
> >
> >ORG and GOV and quite a lot of the ccTLD's are "DNSSEC compatible", so I
> >don't actually think it'd be much of a horserace if compatibility is all
> >you're looking for.  What'll be interesting is how many queries the root
> >and TLD servers start seeing for uz5*/NS.
> 
> If OpenDNS really believe that DNScurve is the way of the future, why
> don't they have such NS records for opendns.com?

And what effect will 54-character names for nameservers have when the 
description recommends against using TCP or UDP with packets longer than 
512 bytes (EDNS0, anyone?).

Actually the idea of encoding your public key your name, whilst 
superficially neat, sounds like a killer to me.  How will I ever 
remember which server is which?

Has anyone found any uz5* servers out there yet?

Sam



More information about the bind-users mailing list