Drew wrote: > Behalf Of m.roth at 5-cent.us > Sent: Friday, April 30, 2010 1:07 PM > >> There's an article on slashdot, >> <http://tech.slashdot.org/article.pl?sid=10/04/30/1258234> > >> Excerpt: >> ...the coming milestone of May 5, at 17:00 UTC - at this time DNSSEC will >> be rolled out across all 13 root servers. Some Internet users, especially >> those inside corporations and behind smaller ISPs, may experience >> intermittent problems. The reason is that some older networking equipment >> is pre-configured to block any reply to a DNS request that exceeds 512 >> bytes in size. DNSSEC replies are typically four times as large. >> --- end excerpt --- > >> I followed the link from the story to >> <https://www.dns-oarc.net/oarc/services/replysizetest>, a coordinating >> organization, and tried their test (as root): >> dig +short rs.dns-oarc.net txt > >> And see that where I work, we're not ready. Is anyone following this, >> and/or have a HOWTO on enabling it for CentOS? > >> It's enabled by default if BIND is the right version nothing needs to be >> done. > > I found it kind of sad that the version of BIND that comes with the latest > version of CentOS 4 is so old that it doesn't support DNSSEC. So it doesn't look like our servers run bind; it's the network folks.... I wonder if my boss should contact them.... mark