>> okay, but i seem to recall some discussion about dnssec processing
>> being offloading to something like nscd so that applications could
>> have the benefits of dnssec without incurring the overhead of having
>> to do the actual cryptographic processing.
>
>If nsdc (and/or doors) ever makes it off Solaris I'll puke all over the
>guy who does the port/rewrite.....

um...okay.  i don't like nscd that much, but what do you have against
doors?  or do you simply not like things you know nothing about?

>I.e. I think you're confusing bind-9 with something else entirely.

i don't think so.

>There is a light-weight resolver daemon in bind-9 to run on hosts that
>don't need the full nameserver (i.e. that have no local zones and IIRC
>it doesn't even have a cache).  Perhaps you're thinking of that?

it might be, but i thought that (a) it had a cache, and (b) it had
nothing to do with a host having no local zones, but rather to do with
off-loading the heavy cryptographic burden of dnssec to something else
(ie, so that it wasn't in the resolver library).

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."