To:
Dan Massey <masseyd@isi.edu>
Cc:
Edward Lewis <lewis@tislabs.com>, Olaf Kolkman <OKolkman@ripe.net>, <dnssec@cafax.se>
From:
Jakob Schlyter <jakob@crt.se>
Date:
Wed, 18 Apr 2001 20:48:16 +0200 (CEST)
Delivery-Date:
Thu Apr 19 06:43:53 2001
In-Reply-To:
<20010418095831.A2207@snarl.east.isi.edu>
Sender:
owner-dnssec@cafax.se
Subject:
Re: lwresd, tsig, and caching
On Wed, 18 Apr 2001, Dan Massey wrote:

> To make this work in practice, the default should be to use whatever
> nameservers are in /etc/resolv.conf as forwarders.

this is already the default for BINDv9's lwresd.

> Also, these forwarders must authenticate the data before caching it.

why? I don't want them to authenticate the data, I want to do it myself so
I can decide what to trust.

> Do you also want to use this same approach for your desktop machine or
> does your desktop machine use option B (TSIG to your local nameserver)?
> I'm still leaning toward Option B for the desktop...

option A for the desktop. too many shared secrets with TSIG. TKEY could
perhaps be an option.

/Jakob

--
Jakob Schlyter <jakob@crt.se>
Network Analyst
Phone: +46 31 701 42 13, +46 70 595 07 94
Carlstedt Research & Technology