[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: named stops resolving anything -- dnssec issue



On 04/05/2009 12:04 PM, Chuck Anderson wrote:
Because DNSSEC is still in it's infancy w.r.t. production deployment
on the Internet.  The powers that be still haven't signed the root
zone, and most TLD zones aren't signed either.  So we have to live
with the hack known as DLV for now, and there isn't much robustness in
that service yet.
Then Fedora shouldn't be shipping bind RPMs that turn DNSSEC validation on, should it? Or perhaps dnssec-must-be-secure can be used in named.conf to configure in such a way that named tries DNSSEC validation but allows the query to proceed (with an error message logged) even if it fails?

  jik


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]