OpenDNS today announced it has adopted DNSCurve to secure DNS
Alan Clegg
aclegg at isc.org
Fri Feb 26 13:24:10 UTC 2010
Jonathan de Boyne Pollard wrote:
> That's also nothing to do with DNSCurve. You weren't making a DNSCurve
> query there. You were simply querying, with an ordinary DNS query, a
> proxy DNS server that is under someone else's control and getting the
> view of the DNS namespace that that someone else chose to give to you.
> OpenDNS have "subverted" you (inasmuch as one can call accepting control
> of the DNS namespace from people who deliberately hand it over to them
> "subversion") entirely without DNSCurve. This is simply the well-known
> risk of using other people's proxy servers. There's nothing new here,
> and nothing related to DNSCurve here.
I fully understand that this was not a DNSCurve query. My point was
that this "ability" of OpenDNS will go away if and when they choose a
technology that actually provides end-to-end validation of the DNS
query/response in question.
Why would OpenDNS adopt a technology that destroys their own business
model? They argue against DNSSEC, yet they implement DNSCurve.
Interesting...
Anyway, this has gone far enough off-topic ("bind-users") that I'm going
to curtail my responses here. Feel free to follow up with me directly
if you'd like.
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100226/36acdf06/attachment.bin>
More information about the bind-users
mailing list