> (a) Bottom-up DNS security can continue to succeed to the point where it links resolvers and caches to authority server From my reading of dnsop the IETF isn't likely to reach consensus on how authoritative traffic…
With DNSSEC there is an authenticated chain from the root down. Without the private key materials for a delegation a hijacker wouldn't be able to provide appropriate signatures and so resolution would fail.
> Slack had a multi-hour total sitewide outage earlier this year that came from attempting to turn it on. I don't particularly want to defend DNSSEC here but Slack picked Route 53, who both have had and continue to have…
> (a) Bottom-up DNS security can continue to succeed to the point where it links resolvers and caches to authority server From my reading of dnsop the IETF isn't likely to reach consensus on how authoritative traffic…
With DNSSEC there is an authenticated chain from the root down. Without the private key materials for a delegation a hijacker wouldn't be able to provide appropriate signatures and so resolution would fail.
> Slack had a multi-hour total sitewide outage earlier this year that came from attempting to turn it on. I don't particularly want to defend DNSSEC here but Slack picked Route 53, who both have had and continue to have…