[Pdns-users] DNSSEC position

bert hubert ahu at ds9a.nl
Sun Nov 9 22:42:17 UTC 2003

Dear PowerDNS Users,

By popular demand, our DNSSEC position:

In short:
 While it would be good to increase the authentication and integrity of DNS
 messages, it would do little to increase the general security of the
 internet. Combined with the complexity of DNSSEC, its inherent lower
 robustness and hence availability of domains, the increased vulnerability of
 the larger amount of code needed to support encryption in nameservers, I can
 only draw the conclusion that DNSSEC is not worth it.

 Furthermore, I predict that the additional downtime that will inevitably be
 caused by DNSSEC misconfigurations will quickly raise the perception that
 DNSSEC is unreliable.
 Because of the small role DNS plays in information security, it only
 warrants very non-intrusive solutions which need not rise above the 'pretty
 good' level.

http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO

More information about the Pdns-users mailing list