[CentOS] DNSSEC

Fri Apr 30 18:44:51 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Drew wrote:

> Behalf Of m.roth at 5-cent.us
> Sent: Friday, April 30, 2010 1:07 PM
>
>> There's an article on Slashdot,
>> <http://tech.slashdot.org/article.pl?sid=10/04/30/1258234>
>
>> Excerpt:
>> ...the coming milestone of May 5, at 17:00 UTC - at this time DNSSEC will
>> be rolled out across all 13 root servers. Some Internet users, especially
>> those inside corporations and behind smaller ISPs, may experience
>> intermittent problems. The reason is that some older networking equipment
>> is pre-configured to block any reply to a DNS request that exceeds 512
>> bytes in size. DNSSEC replies are typically four times as large.
>> --- end excerpt ---
>
>> I followed the link from the story to
>> <https://www.dns-oarc.net/oarc/services/replysizetest>, a coordinating
>> organization, and tried their test (as root):
>>  dig +short rs.dns-oarc.net txt
>
>> And see that where I work, we're not ready. Is anyone following this,
>> and/or have a HOWTO on enabling it for CentOS?
>
>> It's enabled by default if BIND is the right version; nothing needs to be
>> done.
>
> I found it kind of sad that the version of BIND that comes with the latest
> version of CentOS 4 is so old that it doesn't support DNSSEC.

So it doesn't look like our servers run BIND; it's the network folks.... I
wonder if my boss should contact them....

        mark
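
What the 512-byte limit in the quoted excerpt means on the wire, as an added example that is not part of the original thread: a resolver advertises a larger UDP reply size and asks for DNSSEC records by appending an EDNS0 OPT record to its query, and a reply can then be checked against the classic limit. The function names and the sample replies are constructed for illustration.

```python
import struct

CLASSIC_UDP_LIMIT = 512  # pre-EDNS0 maximum DNS payload over UDP

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=16, edns_size=None, dnssec_ok=False, txid=0x1234):
    """Build a DNS query (qtype 16 = TXT); add an EDNS0 OPT record if edns_size is set."""
    arcount = 1 if edns_size is not None else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)      # class IN
    if edns_size is None:
        return header + question
    ttl = 0x00008000 if dnssec_ok else 0  # DO bit: top bit of the EDNS flags
    # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, ttl, 0)
    return header + question + opt

def classify_reply(reply):
    """Say how a UDP reply fares against equipment enforcing the 512-byte limit."""
    flags = struct.unpack("!H", reply[2:4])[0]
    if flags & 0x0200:                     # TC bit: server truncated the answer
        return "truncated: retry over TCP"
    if len(reply) > CLASSIC_UDP_LIMIT:
        return "oversized: blocked by a 512-byte filter"
    return "fits in 512 bytes"

def sample_reply(flags, size):
    """Constructed reply: a real header followed by zero padding, not real records."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + b"\x00" * (size - 12)

if __name__ == "__main__":
    plain = build_query("rs.dns-oarc.net")
    edns = build_query("rs.dns-oarc.net", edns_size=4096, dnssec_ok=True)
    print(len(plain), len(edns), edns[-11:].hex())
    for flags, size in ((0x8180, 300), (0x8180, 2048), (0x8380, 40)):
        print(size, classify_reply(sample_reply(flags, size)))
```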