On Fri, Mar 2, 2012 at 1:26 AM, bert hubert <[email protected]> wrote: > 3.1 auth will come first. So it is no longer true. After 3.1 auth we will do > 3.4 recursor first, which will not come with DNSSEC yet, but does have > important improvements. > DNSSEC will happen after that. Immediately. ;-)
Well here are two future feature request for that DNSSEC enabled pdns-recursor: * Ability to exclude a particular domain from DNSSEC validation; for example if a popular site ( say nasa.gov ) updates their keys incorrectly so that their domain fails validation, you contact their admins. and with a high level of confidence you determine this is a configuration mistake and not a security breach, you can then exclude them from DNSSEC validation so your customers can access their site while they fix their error. * Ability to log DNSSEC validation failures in domains, so that you can proactively be aware of situations like the above scenario. -- Augie Schwer - [email protected] - http://schwer.us _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
