You claimed your business focus is security, yet why don't you Implement DNSSEC on your resolver server? DNSCurve/DNSCrypt is nice and I'm already using it, but it only protects the communication between end user and OpenDNS. No guarantee that the query answered to your resolver by authoritative name server is authentic. You even mentioned on your DNScrypt FAQ that the DNSSEC is complementary to DNSCrypt. Is there any tangible plan to implement DNSSEC?
Please sign in to leave a comment.