> On Sat, Oct 26, 2013, at 18:58, Kevin Chadwick wrote:
> > I believe the reliability (DOS) issues that DNSSEC imposes coupled with
>
> Please, not this again. If you say DNSSEC DOS issue, you must state all
> the other issues that DNS has.
>

Not really, the security issues are already catered for and not such a problem. DNSSEC would be great if it was all good but it isn't. Having people being far more easily prevented from even accessing the internet is a far more serious issue which needs to be considered for a default stance of enforced if the AD bit is set.

> > the low level of adoption
>
> It's certainly more adopted than IPv6 and we do support IPv6.
>

Of course I am not saying don't support it, it already is by certain packages but enabled by default without fallback many would disagree and with fallback, what do you gain? An easy switch on and off in resolv.conf for example is another matter entirely that would be cool.

> > would make it very unlikely that DNSSEC would
> > be enabled for certainly default resolving on OpenBSD without DNSCURVE
> > protection or some significant DNSSEC re-development.
>
> How is the DNSSEC adoption by OpenBSD relevant to Debian decisions?
>

I never said it was, just responding to the OP's post, please re-read that. The point is OpenBSD having unbound in base is akin to Debian having unbound in the repo, the only difference being that the code was audited and configured with a chroot by default etc. first and you don't need to download it to use it. NSD upstream for example received some useful patches and other help upstream as a direct result of its incorporation into base.

--
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________