Re: DS and Opt-in - a proposal

[bert hubert <ahu@ds9a.nl>]

On Fri, Dec 28, 2001 at 09:25:26AM -0500, Greg Hudson wrote:
> On Fri, 2001-12-28 at 01:50, bert hubert wrote:
> > I seem to keep hammering this point - have clientside people been involved
> > yet? The vast majority of DNS lookups right now are A queries, and most of
> > those come from the browser.
> 
> In the Unix world, at least, the applications shouldn't have to get
> involved, just the recursive resolver (named, traditionally) and to some
> extent the stub resolver in libc.  The application may be interested in

You must live in a parallel universe from mine. The application developer
has needs. If DNSSEC is unable to meet, or worse, not interested in those
needs, s/he will ignore it. It is not a unix question.

> I don't know enough about the non-Unix world (which, admittedly, is
> where most of the users are) to comment on it.

There is no difference. Right now DNSSEC is purely academic with some
laboratory experiments. Some fairy may come along and suddenly make all user
applications DNSSEC aware, but don't count on it. It's not that you write
the RFC and suddenly people start implementing it.

Just saying 'it is transparent from an applications' point of view' does not
cut it. 

Interesting to note is that I'm told that IE has its own resolver, separate
from the regular windows one.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc


to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.