[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Tue, 2010-04-13 at 15:39 +0200, Juan J. Martínez wrote: > > DNSSEC requires software in the server and in the client. If your client > doesn't speak the extensions... it won't affect you at all :) > Correct. The article states that the root servers are only going to answer with signed answers. That is not true, so querying a root server with a non-dnssec enabled query will get you the same result as before. You can already test this as the UK root has already been signed. > Am I getting it totally wrong? > No :-) However, the article is correct in some respects. Some firewalls are known to have a problem with the extend packet sizes of dnssec. We ran some 'dig' commands, and the OARC ones, at work just in case... :-) Cambridge Uni (cam.ac.uk) and ISC (isc.org) are already using DNSSEC so querying some of their hosts, using a dnssec enabled resolver, might show you whether you are going to have a problem or not as well. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html