[Pdns-users] DNSSEC position
bert hubert
ahu at ds9a.nl
Sun Nov 9 22:42:17 UTC 2003
Dear PowerDNS Users,
By popular demand, our DNSSEC position:
http://ds9a.nl/secure-dns.html
In short:
While it would be good to increase the authentication and integrity of DNS
messages, it would do little to increase the general security of the
internet. Combined with the complexity of DNSSEC, its inherent lower
robustness and hence availability of domains, the increased vulnerability of
the larger amount of code needed to support encryption in nameservers, I can
only draw the conclusion that DNSSEC is not worth it.
Furthermore, I predict that the additional downtime that will inevitably be
caused by DNSSEC misconfigurations will quickly raise the perception that
DNSSEC is unreliable.
Because of the small role DNS plays in information security, it only
warrants very non-intrusive solutions which need not rise above the 'pretty
good' level.
Thanks.
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
More information about the Pdns-users
mailing list