Recent feedback suggests that facilities like DLV (DNSSEC Lookaside Validation) repositories may be a difficult pill for some operators to swallow.
After all, whichever DLV repo you use, its operator gets to see all of your DNS traffic after that (modulo RRset TTLs). Hopefully
they don't go off and share it with others, but how would anyone know?
Our thoughts on this were recently broached on the DNSSEC-Deployment Initiative's mailing list.
As a result of this sort of feedback, and in keeping with our feeling that operators should be able to benefit from SecSpider without
blindly trusting it, we now offer a BIND-formatted trust-anchor file. This
enables anyone who runs a recursive resolver to pull SecSpider's keys into its configuration with an include statement. Moreover,
anyone can make any additions or subtractions to this file and keep all of their verification traffic local. No more DLV snooping! ;)
We suggest that anyone interested in getting the benefit of verified keys into their resolvers consider downloading this file (which is
regenerated after every SecSpider run) and using it ASAP.
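One way to make those local subtractions and sanity-check the file before a resolver includes it, as an added example that is not SecSpider's own tooling. It assumes the file uses BIND's `trusted-keys` clause with quoted zone names; `vet_anchors`, `render` and the sample entries are hypothetical names and constructed data.

```python
import base64
import binascii
import re

# Constructed sample; the "trusted-keys" layout is an assumption about the
# downloaded file, and every zone name and key below is made up.
SAMPLE = '''
trusted-keys {
    "example.se." 257 3 5 "AwEAAb//Zm9vYmFyYmF6cXV4";  // key data contains "//"
    "example.org." 257 3 8 "AwEAAbJhcmJhemZvb3F1eHh5";
    // "old.example." 257 3 5 "AwEAAcK3Zm9vYmFyYmF6cXV4";
    "broken.example." 257 3 5 "not*base64";
    "proto.example." 257 2 5 "AwEAAcK3Zm9vYmFyYmF6cXV4";
};
'''

# Quoted strings are matched before comments so "//" inside base64 survives.
_TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
ENTRY = re.compile(r'"([^"]+)"\s+(\d+)\s+(\d+)\s+(\d+)\s+"([^"]+)"\s*;')

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def vet_anchors(text, remove=()):
    """Return (kept, rejected) after applying local removals and format checks."""
    removed = {z.lower().rstrip('.') for z in remove}
    kept, rejected = {}, []
    for zone, flags, proto, alg, key in ENTRY.findall(strip_comments(text)):
        name = zone.lower().rstrip('.')
        try:
            raw = base64.b64decode(''.join(key.split()), validate=True)
        except (binascii.Error, ValueError):
            raw = b''
        if name in removed:
            rejected.append((zone, 'removed by local policy'))
        elif int(proto) != 3:            # DNSKEY protocol field is always 3
            rejected.append((zone, 'protocol field must be 3'))
        elif not int(flags) & 0x100:     # Zone Key bit must be set
            rejected.append((zone, 'zone key flag not set'))
        elif not raw:
            rejected.append((zone, 'key is not valid base64'))
        else:
            kept.setdefault(name, []).append((zone, flags, proto, alg, key))
    return kept, rejected

def render(kept):
    """Serialize vetted anchors into a file suitable for an include statement."""
    rows = [f'    "{z}" {f} {p} {a} "{k}";' for n in sorted(kept) for z, f, p, a, k in kept[n]]
    return 'trusted-keys {\n' + '\n'.join(rows) + '\n};\n'
```

Local additions can be handled the same way by appending your own `trusted-keys` text to the downloaded file before calling `vet_anchors`, then writing the `render` output to the path your resolver configuration includes.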