Salut,
On Sat, Aug 08, 2009 at 11:16:16AM -0400, Perry E. Metzger wrote:
> I suppose I'm not in my right mind, then, and neither are lots of people
> who care about security in circumstances where no other trustworthy
> server exists.
>
> (As an aside, one wonders where you think people can always get said
> "other servers" from -- do you imagine that all servers on the internet
> permit recursive queries from unknown machines? Of course, often there
> is an untrustworthy ISP server available, which these days is often
> happy to provide you with the "service" of redirecting you to
> advertising pages they manage when you "mistakenly" ask for a
> non-existent A record.)
Ok, let's talk security then. What do you think your dnssec signature
generator is going to do if named is started before ntpd?
Tonnerre
Attachment:
pgpRm4q1sEiQr.pgp
Description: PGP signature