OpenDNS today announced it has adopted DNSCurve to secure DNS

Eugene Crosser crosser at average.org
Thu Feb 25 08:03:53 UTC 2010


Joe Baptista wrote:

>     ORG and GOV and quite a lot of the ccTLD's are "DNSSEC compatible", so I
>     don't actually think it'd be much of a horserace if compatibility is all
>     you're looking for. 
> 
> 
> I agree they are both DNSSEC compatible but .GOV has only deployed
> DNSSEC in 20% of it's zones. I'm not sure what the percentage is in .ORG
> - 5% ? less ? is it even 1% of the zones? The make work project continues.

Right now, as far as I am concerned, the main obstacle to more widespread
adoption on DNSSEC is the lack of procedure to establish trust between your zone
and the TLD. Even if my zone is signed, and it's in .org which is signed too, I
have no (googlable) way to get my DS included into the TLD zone.

Of course dlv.isc.org exsits, but I think it's publicly perceived as a testbed
rather than a production anchor.

I'd be happy to be wrong. (And, don't tell me to switch back to Verisign registrar.)

Eugene

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100225/f20283a7/attachment.bin>


More information about the bind-users mailing list