DNSSEC in Fedora-11: Enable or Disable?

Ray Van Dolson rayvd at bludgeon.org
Thu Mar 5 16:13:29 UTC 2009


On Wed, Mar 04, 2009 at 11:20:30PM -0500, Paul Wouters wrote:
> - DNSSEC requires EDNS0 and stupid firewall administrators might be blocking
>   TCP port 53 and UDP packets > 512 bytes, possibly causing DNS problems if
>   these are located in front of DNSSEC capable resolvers.

Also some commercial firewalls have issues with their "DNS protection"
features enabled[1].  Perhaps an effort could be made to document
various common EDNS-related issues (in the case above, disabling
SmartDefense) to help administrators work around these inevitable
issues.  I've contacted remote hostmasters to ask them to adjust their
configurations before -- more hands using these features should help to
slowly get everyone else on board...

Ray

  [1]: http://lists.virus.org/fw1-0901/msg00014.html
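
Added example, not written by either poster or by the Fedora project: a Python helper for diagnosing the EDNS0 failure modes discussed above. It builds a DNS query carrying an EDNS0 OPT record with the DO bit set and classifies the UDP reply that comes back; the function names and result labels are assumptions made for this illustration.

```python
import struct

OPT, DO_BIT = 41, 0x8000  # OPT RR type; "DNSSEC OK" flag in the OPT TTL field

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=48, bufsize=4096, txid=0x1234):
    """Query (default type DNSKEY) carrying an EDNS0 OPT record with DO=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner name, CLASS = advertised UDP size, TTL carries the flags
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, bufsize, DO_BIT, 0)

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += n + 1

def find_opt(msg):
    """Return (udp_size, do_flag) from the message's OPT record, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass, bool(ttl & DO_BIT)
        off += 10 + rdlen
    return None

def diagnose(reply):
    """Classify the UDP reply to build_query(); None means the probe timed out."""
    if reply is None:
        return "timeout"      # EDNS0 query or large UDP answer dropped on the path
    flags = struct.unpack("!H", reply[2:4])[0]
    if flags & 0x0200:
        return "truncated"    # TC set: the retry needs TCP port 53 to be open
    if (flags & 0x000F) == 1 or find_opt(reply) is None:
        return "no-edns"      # FORMERR or OPT missing: EDNS0 not passed through
    return "ok"
```

Send the bytes from `build_query()` to the resolver over UDP with a socket timeout and pass the reply (or `None` on timeout) to `diagnose()`; a "truncated" result followed by a failing TCP retry points at a filter on TCP port 53.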