named stops resolving anything -- dnssec issue
Jonathan Kamens
jik at kamens.brookline.ma.us
Sun Apr 5 16:32:37 UTC 2009
On 04/05/2009 12:04 PM, Chuck Anderson wrote:
> Because DNSSEC is still in it's infancy w.r.t. production deployment
> on the Internet. The powers that be still haven't signed the root
> zone, and most TLD zones aren't signed either. So we have to live
> with the hack known as DLV for now, and there isn't much robustness in
> that service yet.
>
Then Fedora shouldn't be shipping bind RPMs that turn DNSSEC validation
on, should it? Or perhaps dnssec-must-be-secure can be used in
named.conf to configure in such a way that named tries DNSSEC validation
but allows the query to proceed (with an error message logged) even if
it fails?
jik
More information about the fedora-test-list
mailing list