DNSSEC and Geodns
Mike McGrath
mmcgrath at redhat.com
Sat Nov 21 03:13:08 UTC 2009
On Fri, 20 Nov 2009, Stephen John Smoogen wrote:
> On Fri, Nov 20, 2009 at 3:09 PM, Mike McGrath <mmcgrath at redhat.com> wrote:
> > Nothing's ever easy, is it?
> >
> > So I got pdns up and going this afternoon with it's geo back end. It's
> > working as expected and everything is good. The problem is pdns's dnssec
> > implementation is... not particularly mature or really even usable AFAIK
> > with geodns.
> >
> > Anyone out there doing both geo location and dnssec with their name
> > servers?
>
> Not really. Most places I know do not do dns-sec (either waiting until
> .com/.org is signed or until its required) or if they are doing
> dns-sec aren't doing geoip. The solutions that comes to mind would be
> to have the geoip code in an unsigned sub-zone. Its not great but
> until 2011 I don't see it being much better.
>
Ugh, I really don't want to have to choose, nb did great work with getting
dnssec going.
-Mike
More information about the Fedora-infrastructure-list
mailing list