[Pdns-users] PowerDNS and DNSSEC
I all, I've test DNS packet size with my pdns-resursor and it seems that I cannot get packet size over 512bytes. :~# dig +short rs.dns-oarc.net txt rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. Tested at 2010-01-25 14:29:42 UTC 92.103.108.34 lacks EDNS, defaults to 512 92.103.108.34 DNS reply size limit is at least 490 It seems that the DNSSEC version of pdns is in developpement but what is the planning for this release? What is the impact on pdns-recursor with the migration of the G root server with the dnssec protocol? Kind regards Michael ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS and DNSSEC
On Mon, Jan 25, 2010 at 03:35:59PM +0100, Michael FROMENT wrote: I've test DNS packet size with my pdns-resursor and it seems that I cannot get packet size over 512bytes. (...) The PowerDNS Recursor can do 512 packets over TCP/IP fine. Outside of DNSSEC, 512 byte packets are exceedingly rare. What is the impact on pdns-recursor with the migration of the G root server with the dnssec protocol? There is no impact, as the PowerDNS Recursor does not request DNSSEC records from servers. Although 'PowerDNSSEC' is still scheduled to be happening soon, this is an authoritative only solution. DNSSEC support for the PowerDNS Recursor is still a bit further away. Bert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS DNSSEC: your support is needed
Hi Bert, All parties with an interest in PowerDNS and/or DNSSEC are therefore kindly requested to contact me privately if they are in a position to either acquire a support contract with us, or to fund DNSSEC development directly. is this still an issue? I couldn't access the website powerdnssec.org for details. We have registrar contracts with a lot of TLD registries and thus we noticed, that more and more registries keep an eye on DNSSEC, several registries provide test environments with DNSSEC and some (like IIS.se) even production environments. I read an earlier posting from you that stated, that there would be a directory including the keys for each domain name. But we have a pure database replication deployment, so rather than text files it would be better to have the keys within the same database as well. We could support the DNSSEC development, but in this case rather financially than by contributing code. Unfortunately I neither received an answer regarding this to a private email to Bert Hubert nor through a message I left on the contact form of the powerdns website. I hope that this way someone involved in the DNSSEC development reads my message. Kind regards Marten Lehmann ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users