Problems with resolving a local tld
Robert Moskowitz
rgm at htt-consult.com
Thu Feb 28 18:44:28 UTC 2013
On 02/28/2013 01:14 PM, Tony Finch wrote:
> Robert Moskowitz <rgm at htt-consult.com> wrote:
>
>> Feb 28 12:14:16 klovia named[22332]: validating @0xb421ba30: htt SOA: got
>> insecure response; parent indicates it should be secure
> I think this suggests that one of the servers for htt doesn't have the
> signed version.
>
> Another reason not to use made-up domain names: CAs are going to stop
> issuing X.509 certificates for them. (It baffles me why they ever did so.)
> http://ssl.entrust.net/blog/?p=1831

Day job disclaimer: I work for Verizon Enterprise Systems. We have a
group that provides LOTS of server certs and is the leader in client
certs and attend HIMSS next week for more announcements.

But that said, my personal position is: a made-up domain name should
never leak, and thus why are you getting a public cert for it? Run your
own CA, add it to your trusted list and do what you got to do.

As to why they did so? It is called money.

But this is a different subject. Enough down this rat hole.