Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
OT: SPF and DNSSEC
ericx_lists at vineyard
Mar 11, 2004, 8:15 AM
Post #1 of 2 (393 views)
Permalink
Doesn't SPF and the general increase in the likelihood of DNS attack
necessitate signing zone files?

We haven't done so yet because of the performance cost. Albitz and Liu
paint a pretty daunting picture in their book (DNS and BIND, 4th ed. pp
362-363).

Are you folks already signing? Are you planning to?

--
eric
Re: SPF and DNSSEC [ In reply to ]
gcirino at cirelle
Mar 12, 2004, 4:46 AM
Post #2 of 2 (382 views)
Permalink
----- Original Message -----
From: "Eric W. Bates" <ericx_lists@vineyard.net>
Subject: OT: SPF and DNSSEC


| Doesn't SPF and the general increase in the likelihood of DNS attack
| necessitate signing zone files?
|
| We haven't done so yet because of the performance cost. Albitz and Liu
| paint a pretty daunting picture in their book (DNS and BIND, 4th ed. pp
| 362-363).

We use djbdns and according to the author, it is immune from DNS attacks
poisoning etc.. and so far no issues here. Bind on the other hand may have
some issues.

|
| Are you folks already signing? Are you planning to?
|

I've registered 4 domains so far.

Greg

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal