Hi James,
since the authoritative-name-server idea was rejected by the list, I was
going to propose alternative:
security-aware-resolver
The definition from RFC4033:
Security-Aware Resolver: An entity acting in the role of a resolver
(defined in section 2.4 of [RFC1034]) that understands the DNS
security extensions defined in this document set. In particular,
a security-aware resolver is an entity that sends DNS queries,
receives DNS responses, supports the EDNS0 ([RFC2671]) message
size extension and the DO bit ([RFC3225]), and is capable of using
the RR types and message header bits defined in this document set
to provide DNSSEC services.
O.
--
Ondřej Surý <[email protected]>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
On Thu, Oct 24, 2013, at 1:51, James Cloos wrote:
> As a side note to this discussion, more interesting than a list of
> all resolvers would be a list of /verifying/ resolvers.
>
> An easy way to find all packaged verifying resolvers, to choose one
> for local installation would help many users.
>
> And an easy way to depend on a local verifier would help both devs
> packaging 'ware which wants verified dns lookups and those reading
> though package deps. (Where deps includes recommends and suggests.)
>
> And a local /verifier/ is generally a more important requirement
> than just a local resolver.
>
> -JimC
> --
> James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6
>
>
> --
> To UNSUBSCRIBE, email to [email protected]
> with a subject of "unsubscribe". Trouble? Contact
> [email protected]
> Archive: http://lists.debian.org/[email protected]
>
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
http://lists.debian.org/[email protected]
