[dns-operations] The possible problems after May 5th

Mark Andrews marka at isc.org
Fri Apr 9 12:21:50 UTC 2010

In message <20100409113503.GI12586 at macbook.catpipe.net>, Phil Regnauld writes:
> Matthew Dempsky (matthew) writes:
> > 
> > Why?  How does the root zone being signed affect TCP requirements for
> > non-root name servers?
> 	BIND sets DO on upstream requests even when the client doesn't.
> 	So, even if your caching server doesn't ask for DNSSEC data,
> 	if it's downstream of BIND (this may not be the only implementation
> 	doing this), you can run into issues.
> 	http://serverfault.com/questions/106207/what-are-the-effects-of-the-l-ro
> ot-server-now-publishing-durz
> 	"In those circumstances the root servers may send back additional DNSSEC
>  records which may cause problems in the unlikely event that you've got broken
>  network gear and/or misconfigured firewalls in the path."

Which doesn't answer the query.
> 	Cheers,
> 	Phil
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list