Apparently, though unproven, at 18:21 on Monday 08 November 2010, James did opine thusly:
> Hello, > > Several times in the past, I have approached > setting up DNS servers, only to get side-tracked. > I'm making another stab as setting my DNS > servers for my humble, small cidr (/29) block. Don't take this the wrong way, but you probably don't want to go this route right now. Your questions and statements indicate that you do not know much about DNSSEC and probably not DNS itself either. DNS is not trivial, regardless of what anyone tells you. DNSSEC less so. This is a topic best left to groups that do it all day every day, the hobbyist approach isn't what you want. How do I know this? Well, I have 7 years of DNS support tickets I can trawl through :-) The number of mistakes made by clients, the number of silly requests they make and the sheer amount of misinformation about how DNS works is unbelievable. By contrast, there's no record of my team (who admin the servers) making any mistakes, ever. And the fellow who sits next to me (and signs off on my performance review) just signed the .za zone. I watched him, I know how non-trivial it is :-) Play with DNSSEC by all means if it intrigues you. If you get it right easily, you can write a wiki page that helps others immensely. But just be informed upfront about what it's going to take. > > Now it seems DNSSEC is all the rage, even > at the root servers [1]. > > So what am i to choose to effect DNSSEC on gentoo? > Hardware suggestions on low power (5-10 watts) (embedded) > hardware with Gentoo are welcome. > > net-dns/unbound (portage) [2] > bind9 (portage) > nsd (?) > opendnssec (sunrise overlay) > ??? > > Googling and research has led me to reading > quite a lot of interesting, but fragmented > thoughts on the subject of DNSSEC and gentoo. > > Any discussion or guidance is appreciated. > > [1] http://www.root-dnssec.org/ > [2] http://www.unbound.net/documentation/howto_anchor.html > [3] https://svn.whyscream.net/whyscream-overlay/sunrise-dev/net-dns/ > [4]http://gentoo-overlays.zugaina.org/sunrise/net-dns.html.en > > [] https://www.dnssec-tools.org/wiki/index.php/Tutorials -- alan dot mckinnon at gmail dot com
