DNSSEC in Fedora-11: Enable or Disable?
Paul Wouters
paul at xelerance.com
Thu Mar 5 15:59:31 UTC 2009
On Thu, 5 Mar 2009, Chris Adams wrote:
> Once upon a time, Paul Wouters <paul at xelerance.com> said:
>> Adam Tkac and I maintain the two recursive nameservers in Fedora. We need
>> to decide before the beta freeze whether we want recursing caching
>> nameservers to enable or disable DNSSEC per default.
>
> Given the possible impact, IMHO it would be better to do this much
> earlier in the release cycle.
>
> I don't think there's any rush to support DNSSEC resolvers, since
> there's little support for DNSSEC authoritative data in the real world.
http://www.xelerance.com/dnssec/
The map is missing .gov (as I don't know yet how to colour the US for that)
There are currently two gTLD's, 5 ccTLD's, 56 in-arpa's and the ENUM
zones that are DNSSEC signed. I am expecting to see most TLD's support
DNSSEC in the next year or two, with the earlier ones (including .org)
tentatively happening in 6-12 months. This is based on my experience with
the DHS DNSSEC Deployment Initiative, IETF, DNS-OARC and ICANN meetings
that I've been to and where I talked to the TLD people.
See further some of my slide decks at http://www.xelerance.com/engagements/
Paul
More information about the fedora-devel-list
mailing list