The things DNSSEC does that aren’t DANE are totally unimportant. DANE is its sole reason for continued existence.
@tqbf DNSSEC is a crazy over-complicated solution, but DNS data is important enough to deserve an end-to-end checksum.
-
-
@colmmacc You could add a single field to the SOA record to provide a checksum, or any of a zillion other things. -
@tqbf I did bring up a checksum EDNS0 option at the WG in Dublin, but was shot down due to "that's what DNSSEC is for". - 1 more reply
New conversation -
-
-
@colmmacc You can also checksum the DNS out of band, without changing DNS at all.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
This Tweet is unavailable.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.