I'd like to get your feedback on the following thoughts regarding DNSSEC HW
support.
Any layer 2 or 3 devices forwarding frames or packets should not be affected by
the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or
the query size (large or small).
Layer 4 devices (smart switches) should not be affected by the implementation
of DNSSEC using the same logic.
My thoughts are these products simply forward data based on an frame, IP
address, or protocol and should not be affected by the implementation of
DNSSEC. Would you agree?
Thanks in advance.
I think you are basically correct except for one very important caveat:
DNS BGP anycasting (in wide spread use by many large operations,) where
you might need to sign zones on the fly with special crypto hardware.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
