Has anyone been looking at these DNSSEC changes that are going to happen on all the DNS root servers on May 5?
http://etherealmind.com/dnssec-and-why-the-internet-probably-wont-break-today/

Following the test dig commands at the bottom of that page I get:

    dig @158.43.128.1 +short rs.dns-oarc.net txt
    rst.x3827.rs.dns-oarc.net.
    rst.x486.x3827.rs.dns-oarc.net.
    rst.x456.x486.x3827.rs.dns-oarc.net.
    "62.189.58.236 sent EDNS buffer size 4096"
    "Tested at 2010-05-03 14:25:49 UTC"
    "62.189.58.236 DNS reply size limit is at least 3827"

for the DNS server that supports DNSSEC. So, based on this it looks like our firewall is working correctly, right?

But it looks like if I do the dig using my DNS server then the reply is limited:

    dig +short rs.dns-oarc.net txt
    rst.x476.rs.dns-oarc.net.
    rst.x485.x476.rs.dns-oarc.net.
    rst.x490.x485.x476.rs.dns-oarc.net.
    "205.172.49.107 DNS reply size limit is at least 490"
    "Tested at 2010-05-03 14:31:18 UTC"
    "205.172.49.107 sent EDNS buffer size 4096"

But my server would have to go to the internet to look that domain up, which would go through the firewall, which could be limiting the response, right?

At this time, I don't need DNSSEC enabled on my domain server to talk to the root servers, but I suppose I'll want to enable it at some point.

-- 
Have Mercy & Say Yeah
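An added example, not part of the original post: a Python parser for the two reply-size test results quoted above, which compares the EDNS buffer size each resolver advertised with the reply size that actually got back to it. The function names and the "capped" classification are assumptions of this example; 512 bytes is the classic DNS-over-UDP message limit without EDNS.

```python
import re

# Sample input: the two `dig +short rs.dns-oarc.net txt` results from the post.
VIA_REMOTE_RESOLVER = '''rst.x3827.rs.dns-oarc.net.
rst.x486.x3827.rs.dns-oarc.net.
rst.x456.x486.x3827.rs.dns-oarc.net.
"62.189.58.236 sent EDNS buffer size 4096"
"Tested at 2010-05-03 14:25:49 UTC"
"62.189.58.236 DNS reply size limit is at least 3827"'''

VIA_LOCAL_RESOLVER = '''rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"205.172.49.107 DNS reply size limit is at least 490"
"Tested at 2010-05-03 14:31:18 UTC"
"205.172.49.107 sent EDNS buffer size 4096"'''

CLASSIC_UDP_LIMIT = 512  # largest DNS message over UDP without EDNS

LIMIT_RE = re.compile(r'^"?(\S+) DNS reply size limit is at least (\d+)"?$')
EDNS_RE = re.compile(r'^"?(\S+) sent EDNS buffer size (\d+)"?$')

def parse_reply_size_test(text):
    """Extract resolver address, advertised EDNS size and measured limit."""
    result = {"resolver": None, "edns_buffer": None, "reply_limit": None}
    for line in text.splitlines():
        line = line.strip()
        limit, edns = LIMIT_RE.match(line), EDNS_RE.match(line)
        if limit:
            result["resolver"] = limit.group(1)
            result["reply_limit"] = int(limit.group(2))
        elif edns:
            result["edns_buffer"] = int(edns.group(2))
    if result["reply_limit"] is None:
        raise ValueError("no 'DNS reply size limit' line in test output")
    return result

def assess(result):
    """Hypothetical classification used by this example only."""
    if result["edns_buffer"] is None:
        return "no-edns-seen"
    # Resolver asked for large replies but only small ones arrived: something
    # on the path (firewall, NAT, middlebox) is a candidate for dropping them.
    if result["edns_buffer"] > CLASSIC_UDP_LIMIT >= result["reply_limit"]:
        return "capped-near-512"
    return "large-replies-ok"

if __name__ == "__main__":
    for sample in (VIA_REMOTE_RESOLVER, VIA_LOCAL_RESOLVER):
        parsed = parse_reply_size_test(sample)
        print(parsed["resolver"], parsed["reply_limit"], assess(parsed))
```

Note that each result describes the path between the resolver named in the TXT records and the test server, not the path from the machine running dig.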
