Recently there have been some notable outages of popular DNSSEC DLV repositories: [1], [2], etc. These failures don't
necessarily denote any lack of diligence on the part of the operators. Rather, these outages reinforce that operational missteps are a
reality for Internet systems (any Internet system). As such, this really calls into question whether one should build
a single point of failure, such as DLV, into DNSSEC validation. A recent
fiber cut in the Bay Area helps to underscore
that any single operational group can be the victim of a determined attacker, and any dependent parties thereby share its fate.
As a result, this seems to be quite an opportune moment to restate our beliefs on the SecSpider project: trust-anchors should
be locally configured and loaded into resolvers so that secure look-up decisions do not involve any in-line third parties.
Furthermore, we should not forget that using a DLV
repository tells the DLV operators more about your DNS traffic patterns than even the root operators know. However, if your ability
to verify DNSKEYs fails because of an error in someone's Python script, you may be wondering whether you have an alternative.
Well, you do. Download our ta-grab.sh script and use it to download SecSpider's trust-anchor list from a
cron job. For example:
0 0 * * * /usr/local/bin/ta-grab.sh
Presto, you're done. This script will download the TA file from SecSpider, check whether it has changed since the last run, and if
so, restart your unbound resolver. All you need to do is configure unbound to load the BIND-formatted trusted-keys
file:
trusted-keys-file: "trust-anchors.conf"
and you're all set. The script is very simple and very easy to modify (in case you want any changes). Furthermore, while this simple
script will get you started today, you can also use it just to fetch the TA file and then make whatever local modifications you like. Now
you won't be affected by anyone's outages, and you can still stay abreast of TA changes.
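The fetch-compare-reload loop described above, written out as an added example. This is not SecSpider's ta-grab.sh; it is a stand-in that shows the pieces a careful deployment wants: the download goes over HTTPS, the downloaded file is sanity-checked as a BIND-style trusted-keys file before it replaces anything (so a captive-portal page or an HTTP error body never wipes your anchors), the existing file is kept untouched on any failure, and unbound is only reloaded when the installed file actually changed. The URL, file path and reload command are assumptions (placeholders), not values from the original post.

```shell
#!/bin/sh
# ta-refresh.sh: added example, not the SecSpider ta-grab.sh script.
# Run from cron, e.g.:  0 0 * * * /usr/local/bin/ta-refresh.sh

# All three are assumptions; override them in the environment or edit here.
TA_URL="${TA_URL:-https://example.invalid/trust-anchors.conf}"   # placeholder URL
TA_FILE="${TA_FILE:-/etc/unbound/trust-anchors.conf}"           # assumed install path
RELOAD_CMD="${RELOAD_CMD:-unbound-control reload}"              # assumed reload command

# fetch_ta DEST: download the TA file to DEST over HTTPS; nonzero on any failure.
# -f makes HTTP errors fail instead of saving an error page as the key file.
fetch_ta() {
    curl -fsS --max-time 30 -o "$1" "$TA_URL"
}

# looks_like_trusted_keys FILE: cheap structural check that FILE is a BIND
# trusted-keys block, so we never install an HTML page or empty body.
looks_like_trusted_keys() {
    [ -s "$1" ] &&
    grep -q '^[[:space:]]*trusted-keys[[:space:]]*{' "$1" &&
    grep -q '};' "$1"
}

# install_if_changed NEW CURRENT: atomically replace CURRENT with NEW.
# Returns 0 if CURRENT changed (caller should reload), 1 if it was identical.
install_if_changed() {
    new="$1"; cur="$2"
    if [ -f "$cur" ] && cmp -s "$new" "$cur"; then
        return 1
    fi
    cp "$new" "$cur.tmp" && mv "$cur.tmp" "$cur"
}

main() {
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    if ! fetch_ta "$tmp"; then
        echo "fetch failed; keeping existing $TA_FILE" >&2
        exit 1
    fi
    if ! looks_like_trusted_keys "$tmp"; then
        echo "downloaded file is not a trusted-keys block; not installing" >&2
        exit 1
    fi
    if install_if_changed "$tmp" "$TA_FILE"; then
        echo "trust anchors changed; reloading unbound"
        $RELOAD_CMD
    else
        echo "trust anchors unchanged"
    fi
}

# Only run main when executed as ta-refresh.sh, so the functions above can be
# sourced and exercised separately.
case "$0" in
    ta-refresh.sh|*/ta-refresh.sh) main "$@" ;;
esac
```

Because install_if_changed only reports a change when the bytes differ, the reload (and the brief validation gap that comes with it) happens only when SecSpider's list actually moved, not on every cron tick; and because a failed or malformed download exits before the install step, a SecSpider outage leaves your resolver running on yesterday's anchors rather than on none.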
Tue, 14 Apr 2009 13:58:25 PDT
Comments:
victorraj@nowhere
Thu Nov 17 09:19:10 2011
I need more info