[NA-Discuss] Stability, Security, and Resilience of the DNS Review Team

Evan Leibovitch evan at telly.org
Thu Apr 7 20:56:41 UTC 2011

On 7 April 2011 16:45, John R. Levine <johnl at iecc.com> wrote:

> For those community-based TLD proposals from poorer economies -- the ones
>> for whom the JAS group has been formed to try to lower costs -- the use of
>> one of the big registry operators is *not* a given, and in these cases the
>> cost of implementing DNSSEC could be significant.
> I see your point, but I don't think it's a problem.  If you have a small
> zone, you can do everything with BIND or NSD or unbound. You need competent
> staff to manage it, but it's all industry standard free software, most
> likely the same software you'd be using anyway.  If .MUSEUM can sign and
> publish, which it does using that freeware, I think it's fair to expect
> other small TLDs to do the same thing.

Just to be clear... you're saying the benefits of universal DNSSEC outweigh
the costs, even for smaller (and less financially capable) TLDs. (And there
will certainly be costs to implement, even if the software itself is

This, combined with Eduardo's agreement that DNSSEC should be mandatory
everywhere, seems to indicate a lack of agreement with an ALAC statement
that suggests otherwise.

What do other think? If there is even partial agreement with the stances
taken by Eduardo and John, I can't really vote in favour of the statement.

- Evan

More information about the NA-Discuss mailing list