Salut, On Sat, Aug 08, 2009 at 11:16:16AM -0400, Perry E. Metzger wrote: > I suppose I'm not in my right mind, then, and neither are lots of people > who care about security in circumstances where no other trustworthy > server exists. > > (As an aside, one wonders where you think people can always get said > "other servers" from -- do you imagine that all servers on the internet > permit recursive queries from unknown machines? Of course, often there > is an untrustworthy ISP server available, which these days is often > happy to provide you with the "service" of redirecting you to > advertising pages they manage when you "mistakenly" ask for a > non-existent A record.) Ok, let's talk security then. What do you think your dnssec signature generator is going to do if named is started before ntpd? Tonnerre
Attachment:
pgpRm4q1sEiQr.pgp
Description: PGP signature