I hadn't done any tests because as noted below I was unaware there was any testing needed. I was responding in thread that seemed relevant.
Someone replied off list suggesting I do dig @b.root-severs.net com +dnssec +notcp then dig @b.root-servers.net com +dnssec +tcp. The latter responded correctly and the former said no servers could be reached. Doing it without either +notcp or +tcp responded correctly so I'm assuming it tried udp then tcp as normal? The network admin modified the core switch and others to allow for larger UDP responses and since he's done that it appears the +notcp option gives the right response to the dig (same as the +tcp). I assuming that means my DNS server is reading the larger udp response? There is no EDNS entry in my named.conf. Do I need one, given that above worked? The article (apparently he got it from our common manager) is one I've not seen but I'm assuming it was The Register article or something referring to it. Most of my reading since I sent the email suggests as you did that I don't need to do anything and that the original article was written in an overly alarmist fashion. Is there other testing I need to do? -----Original Message----- From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Alan Clegg Sent: Monday, May 03, 2010 12:23 PM To: bind-users@lists.isc.org Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 On 5/3/2010 4:36 PM, Lightner, Jeff wrote: > It sounds as if he read an article saying we have to implement DNSSEC on > our DNS servers or we'll quit working on 5/5? Is that the case? > > Also what is the drop dead date/time if so? 5/5 Midnight UTC? Some > other time? You don't need to do anything more than be sure that you have a clean network path. There is nothing "to do" by 5/5 as long as the tests that you say worked actually did work. If you have additional information on "the article" that he read implying that more needs to be done, please provide a link. Thanks, AlanC Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ---------------------------------- _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users