Educause Security Discussion mailing list archives
Re: DNSSEC Deployment
From: Bruce Curtis <bruce.curtis () NDSU EDU>
Date: Mon, 17 May 2010 16:23:14 -0500
On May 17, 2010, at 1:43 PM, Jason Frisvold wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone deployed/started to deploy DNSSEC? Any gotchas to look out for?
We ran into a gotcha. When we turned on DNSSEC verification on our DNS servers running the standard RedHat Enterprise release the DNS daemon died. https://bugzilla.redhat.com/show_bug.cgi?id=555848 RedHat has a proposed patch but it's not been incorporated into a released RPM yet. Perhaps if of lots of RedHat customers let RedHat know this is important to them it would get fixed sooner rather than later?
Any commentary on system load, network load, etc? With Educause signing .edu in June, I suppose we are being pushed into at least looking seriously at deploying DNSSEC.. I'm still extremely skeptical of the technology, but it looks inevitable at this point. Thanks, - -- - --------------------------- Jason Frisvold Network Engineer frisvolj () lafayette edu - --------------------------- "What I cannot create, I do not understand" - Richard Feynman -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkvxjmcACgkQO80o6DJ8UvnqAQCfbYBlQhJGYbiCnTZCDHPdzsFj i0sAoISrE3qnJadW/80vSVPDvUtEgrET =Vx/V -----END PGP SIGNATURE-----
--- Bruce Curtis bruce.curtis () ndsu edu Certified NetAnalyst II 701-231-8527 North Dakota State University
Current thread:
- Re: DNSSEC Deployment, (continued)
- Re: DNSSEC Deployment John Kristoff (May 17)
- Re: DNSSEC Deployment Jason Frisvold (May 17)
- Re: DNSSEC Deployment John Ladwig (May 17)
- Re: DNSSEC Deployment Joe St Sauver (May 17)
- Re: DNSSEC Deployment Michael Sinatra (May 17)
- Re: DNSSEC Deployment Joe St Sauver (May 17)
- Re: DNSSEC Deployment Michael Sinatra (May 17)
- Re: DNSSEC Deployment John Kristoff (May 17)
- Re: DNSSEC Deployment Jason Frisvold (May 17)
- Re: DNSSEC Deployment Jason Frisvold (May 17)
- Re: DNSSEC Deployment Bruce Curtis (May 17)
- Re: DNSSEC Deployment John Kristoff (May 17)
- Re: DNSSEC Deployment Michael Sinatra (May 17)
- Re: DNSSEC Deployment John Ladwig (May 17)
- Re: DNSSEC Deployment Michael Sinatra (May 17)