named stops resolving anything -- dnssec issue

Jonathan Kamens jik at kamens.brookline.ma.us
Sun Apr 5 16:32:37 UTC 2009


On 04/05/2009 12:04 PM, Chuck Anderson wrote:
> Because DNSSEC is still in it's infancy w.r.t. production deployment
> on the Internet.  The powers that be still haven't signed the root
> zone, and most TLD zones aren't signed either.  So we have to live
> with the hack known as DLV for now, and there isn't much robustness in
> that service yet.
>    
Then Fedora shouldn't be shipping bind RPMs that turn DNSSEC validation 
on, should it?  Or perhaps dnssec-must-be-secure can be used in 
named.conf to configure in such a way that named tries DNSSEC validation 
but allows the query to proceed (with an error message logged) even if 
it fails?

   jik




More information about the fedora-test-list mailing list