Educause Security Discussion mailing list archives

Re: DNSSEC Deployment


From: Bruce Curtis <bruce.curtis () NDSU EDU>
Date: Mon, 17 May 2010 16:23:14 -0500

On May 17, 2010, at 1:43 PM, Jason Frisvold wrote:

Has anyone deployed/started to deploy DNSSEC?  Any gotchas to look out
for?  


  We ran into a gotcha.

  When we turned on DNSSEC verification on our DNS servers running the standard RedHat Enterprise release the DNS 
daemon died.

https://bugzilla.redhat.com/show_bug.cgi?id=555848

  RedHat has a proposed patch but it's not been incorporated into a released RPM yet.

  Perhaps if lots of RedHat customers let RedHat know this is important to them it would get fixed sooner rather 
than later?

Any commentary on system load, network load, etc?

With Educause signing .edu in June, I suppose we are being pushed into
at least looking seriously at deploying DNSSEC..  I'm still extremely
skeptical of the technology, but it looks inevitable at this point.

Thanks,

-- 
---------------------------
Jason Frisvold
Network Engineer
frisvolj () lafayette edu
---------------------------
"What I cannot create, I do not understand"
  - Richard Feynman



---
Bruce Curtis                         bruce.curtis () ndsu edu
Certified NetAnalyst II                701-231-8527
North Dakota State University        
