Oct. 3, 2019
9:24 a.m.
On Thu, Oct 03, 2019 at 04:45:08AM -0400, Michael Casadevall wrote:
Resolver: Oh, it's authoritative, I don't need to worry about DNSSEC.
Validating resolvers don't do this. BTW, this is the premise of DNSSEC - the end-to-end validation of data. It doesn't matter how you've received the data, whether through a trusted or untrusted party, whether through a secure or compromised nameserver. A validating client validates the _data_. Mukund