disable dnssec in bind resolver

Joe Baptista baptista at publicroot.org
Sat Jun 5 15:04:46 UTC 2010


On Fri, Jun 4, 2010 at 11:32 PM, Doug Barton <dougb at dougbarton.us> wrote:

>
>
> With my business hat on though I can see at least 2 possible use cases for
> DO=0. The first being related to this thread, "I can't/won't fix/remove the
> firewall today, I just want my resolver to work." The hapless user in that
> spot is either going to use another vendor, or go back to the old version of
> BIND that "works." I know market share isn't a _primary_ concern for BIND,
> but I would argue that the "go back to old version" answer to this dilemma
> is something that we should all be concerned about.
>

I understand - I do anticipate others share your concern.


> The other use case that leaps immediately to mind is "We do 42 scintillion
> DNS queries per second and our bandwidth cost has tripled in the last 3
> months! What in the name of J. Jonah Jameson is going on around here?!?"
>

DNSSEC support is a world wide expense. Not only for the users who deploy it
and the registries that support it. But also in bandwidth. If your saying
your DNS traffic has tripled thats sounds about right.

Everybody profits and everybody pays.

Since we have Paul's attention here my question is will he incorporate
DNScurve into BIND now or does he intend to wait until it becomes an RFC?

regards
joe baptista
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100605/054109f5/attachment.html>


More information about the bind-users mailing list