dnssec
Stephane Bortzmeyer
bortzmeyer at nic.fr
Sun Jul 27 08:05:30 UTC 2008
On Sat, Jul 26, 2008 at 09:00:49PM -0700,
D. Stussy <spam at bde-arc.ampr.org> wrote
a message of 15 lines which said:
> > The question is, what is the hang up?
>
> A good, secondary reason is that the cost of authentication is privacy. The
> implementation basically reveals the full contents of a zone,
This is solved by NSEC 3 (RFC 5155), which will be in the next BIND
(9.6).
In the mean time, you can always use rate-limiting and walk-detection
techniques. ".se" apparently use them, I cannot enumerate the zone.
More information about the bind-users
mailing list