Beta Release Notes
Adam Tkac
atkac at redhat.com
Thu Mar 12 17:04:03 UTC 2009
On Thu, Mar 12, 2009 at 08:13:02AM -0400, John J. McDonough wrote:
> I have opened up a wiki page for the Beta release notes. Right now this
> is essentially a copy of the Alpha release notes. If you are the owner
> of one of the major features, please review these notes and update them
> to reflect progress since Alpha.
>
> These draft Beta release notes can be found at:
> http://fedoraproject.org/wiki/Fedora_11_Beta_release_notes
>
It would be nice to have a statement about DNSSEC in beta notes
because many users might be interested in.
-----
DNSSEC - DNS Security Extensions
Bind and unbound (recursive DNS servers) now enable DNSSEC validation
in their default configuration. DNSSEC Lookaside Verification (DLV) is
not enabled. This behaviour can be modified in
/etc/sysconfig/dnssec by changing the DNSSEC and DLV settings.
With DNSSEC enabled, when a domain supplies DNSSEC data (such as .gov,
.se, the ENUM zone and other TLD's) then that data will be
cryptographically validated on the recursive DNS server. If validation
fails, due to attempts at cache poisoning (eg via a Kaminsky Attack)
then the enduser will not be given this forged/spoofed data. DNSSEC
deployment is gaining speed rapidly, and is a crucial part and the
next logical step to make the internet more secure for end users.
For more information and troubleshooting see
http://fedoraproject.org/wiki/Features/DNSSEC
-----
Could you add statement written above to beta release notes, please?
Or should I take an action.
Regards, Adam
--
Adam Tkac, Red Hat, Inc.
More information about the fedora-devel-list
mailing list