DNSSEC only
Michael Richardson
mcr at sandelman.ottawa.on.ca
Sat Oct 26 15:23:35 UTC 2002
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jakob" == Jakob Schlyter <jakob at crt.se> writes:
Jakob> On Fri, 25 Oct 2002, Michael Richardson wrote:
>> Is there a way to configure bind9 (2002/7/22 snapshot) to only return
>> DNSSEC signed data via lwres?
Jakob> why would you like to do that? if the application cares it could use
Jakob> getrrsetbyname and only accept answer where RRRSET_VALIDATED is set. that
Jakob> is what I've done in my SSHFP implementation for OpenSSH.
Because I have applications which I do not want to, or can't modify, that I
wish to "secure". This is primarily an experiment. I will eventually modify
the applications.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPbqzdYqHRg3pndX9AQH1VwQAvJEJg5EeZKHM5w+PiQOb8J7h6ky4pUlc
pT1cTyxdbhrImqfyusWYOk5xz57JTsc/QzaUrXb7XETT++Pt4l9Wk0dVq6ZROCKn
bMyYt4eOrrAyewOY/USSTb4VqhIEn25qLUlbh2L4DOAJ87g33Q0YyzoAUBaR1JTN
l8eu6AHD830=
=GhJB
-----END PGP SIGNATURE-----
More information about the bind-workers
mailing list