[dns-operations] The possible problems after May 5th
Mark Andrews
marka at isc.org
Fri Apr 9 12:21:50 UTC 2010
In message <20100409113503.GI12586 at macbook.catpipe.net>, Phil Regnauld writes:
> Matthew Dempsky (matthew) writes:
> >
> > Why? How does the root zone being signed affect TCP requirements for
> > non-root name servers?
>
> BIND sets DO on upstream requests even when the client doesn't.
> So, even if your caching server doesn't ask for DNSSEC data,
> if it's downstream of BIND (this may not be the only implementation
> doing this), you can run into issues.
>
> http://serverfault.com/questions/106207/what-are-the-effects-of-the-l-ro
> ot-server-now-publishing-durz
>
> "In those circumstances the root servers may send back additional DNSSEC
> records which may cause problems in the unlikely event that you've got broken
> network gear and/or misconfigured firewalls in the path."
Which doesn't answer the query.
> Cheers,
> Phil
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list