[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Beta Release Notes

On Thu, Mar 12, 2009 at 08:13:02AM -0400, John J. McDonough wrote:
> I have opened up a wiki page for the Beta release notes.  Right now this 
> is essentially a copy of the Alpha release notes.  If you are the owner 
> of one of the major features, please review these notes and update them 
> to reflect progress since Alpha.
> These draft Beta release notes can be found at:
> http://fedoraproject.org/wiki/Fedora_11_Beta_release_notes

It would be nice to have a statement about DNSSEC in beta notes
because many users might be interested in.

DNSSEC - DNS Security Extensions

Bind and unbound (recursive DNS servers) now enable DNSSEC validation
in their default configuration. DNSSEC Lookaside Verification (DLV) is
not enabled. This behaviour can be modified in
/etc/sysconfig/dnssec by changing the DNSSEC and DLV settings.

With DNSSEC enabled, when a domain supplies DNSSEC data (such as .gov,
.se, the ENUM zone and other TLD's) then that data will be
cryptographically validated on the recursive DNS server. If validation
fails, due to attempts at cache poisoning (eg via a Kaminsky Attack)
then the enduser will not be given this forged/spoofed data. DNSSEC
deployment is gaining speed rapidly, and is a crucial part and the
next logical step to make the internet more secure for end users.

For more information and troubleshooting see

Could you add statement written above to beta release notes, please?
Or should I take an action.

Regards, Adam

Adam Tkac, Red Hat, Inc.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]