BIND chroot environment in 10-RELEASE...gone?
Darren Pilgrim
list_freebsd at bluerosetech.com
Sat Dec 7 07:21:57 UTC 2013

On 12/6/2013 6:18 PM, Michael Sinatra wrote:
> Not every website uses https, but it is VERY useful and important that
> 100% of the browsers out there support https. That way, the
> client/server interactions that need https can get https. If I want
> clients to access my site over https, I simply have to put a cert on my
> website and configure it to force the clients to do the right thing.

You are absolutely right--we need DNSSEC validation in everything. But
mapping your web browser analogy to DNS, we only need the library
providing getaddrinfo() to validate responses. BIND or Unbound on
everything is equivalent to running a caching web proxy on everything.
We'd end up with about the same amount of brokenness and stale data
issues as well.