DNSSEC

[Mark Andrews]

In message <Prayer.1.3.2.0909301549350.2543 at hermes-1.csi.cam.ac.uk>, Chris Thomp
son writes:
> On Sep 30 2009, Mark Andrews wrote:
> 
> >In message <Prayer.1.3.2.0909291446310.21208 at hermes-1.csi.cam.ac.uk>,
> > Chris Thompson writes:
> >> DNSSEC certainly adds to the aggravation of having lots of piddling little
> >> reverse zones. Some people may just decide not to bother signing reverse
> >> zones ("reverse lookup results should only be treated as a hint, anyway").
> >
> >DNSSEC makes no difference to the count of reverse zones unless you
> >are depending on the nameserver filtering out records that shouldn't
> >be loaded into a zone.
> 
> Of course it doesn't affect the number of reverse zones. But if you already
> have more of them than you want, managing keys for each of them is that much
> extra hassle.
> 
> But maybe BIND 9.7 will make key management such a doddle that we won't care .
> ..

People, not just ISC, are working on trying to automate delegation
management which is crying out to be automated and would be simple
to do via UPDATE except for stupid contracts between registries and
registrars which make some registries think that they can't accept
UPDATEs.  The contracts really just need to be re-written to allow
this.  This is really the tail wagging the dog at the moment.
 
> -- 
> Chris Thompson
> Email: cet1 at cam.ac.uk
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org