On Mon, Sep 01, 2008 at 08:01:35AM +0200, Patrick Vande Walle wrote:
There was some irony in my original sentence.
Sorry, my fault to miss this last night.
Jokes aside, it is healthy to have another DNS resolver which does not use the Bind code and is under active development. I do use Unbound in production and as you may know, I have contributed some input for its binary packaging in Linux distributions.
Ack, that's the point.
Until such tool is included as a standard feature in mainstream OSes and/or registrar web interfaces, I am afraid DNSSEC will not reach critical mass.
dnssec-signzone is included in the standard distributions. rollerd etc. too.
This is where I think ALAC can help, it the sense it is well placed to talk to registrars to get it included in their range of off-the-shelf services. Ditto for IPv6 glue records.
Yes, ALAC can keep an eye on registry contracts to enforce DS and v6 glue in the TLDs. AtLarge can produce a strong pressure to the registrars to offer such services.