Educause Security Discussion mailing list archives
Re: DNSSEC Implementations
From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 22 Dec 2010 13:40:13 -0600
My only anecdote thus far is when we did 2008R2 and upgraded our last DC, we broke NIH.GOV lookups due to EDNS0 / RFC2671 being turned on by default. http://support.microsoft.com/kb/832223; Those are my favorite kind of errors: 'intermittent network issues' in departments fairly removed from the time of configuration change. I half expect more things to go the way chome plop in internal resolvers to help users debug issues. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Allen Barrett Sent: Wednesday, December 22, 2010 1:26 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] DNSSEC Implementations We've all got to do it sooner or later. I've been resisting, but I'll have to bite the bullet. We're a Microsoft shop... I'd be interested in hearing any anecdotal posts from others running MS DNS servers.... On Wed, Dec 22, 2010 at 1:18 PM, Martin Manjak <mm376 () albany edu<mailto:mm376 () albany edu>> wrote: We are in the process of planning for our DNSSEC implementation. First, is there a separate list for .edus that are rolling this out? If not, and the topic belongs here, I would like to hear from any schools that have deployed it, or are planning to deploy it. Marty -- Martin Manjak Information Security Officer University at Albany CISSP, GSEC, GCWN "What information consumes...is the attention of its recipients." Herbert Simon, 1971 -- Allen Barrett IT Security and Systems Administrator Harding University Admin 304 (501) 279-4198
Current thread:
- DNSSEC Implementations Martin Manjak (Dec 22)
- Re: DNSSEC Implementations Allen Barrett (Dec 22)
- Re: DNSSEC Implementations Chris Green (Dec 22)
- Re: DNSSEC Implementations Jack Suess (Dec 22)
- Re: DNSSEC Implementations Martin Manjak (Dec 23)
- Re: DNSSEC Implementations Chris Green (Dec 22)
- Re: DNSSEC Implementations Allen Barrett (Dec 22)
- Re: DNSSEC Implementations John Kristoff (Dec 22)
- Re: DNSSEC Implementations Michael Sinatra (Dec 23)
- Re: DNSSEC Implementations Martin Manjak (Dec 23)
- Re: DNSSEC Implementations Michael Sinatra (Dec 23)
- Re: DNSSEC Implementations Michael Sinatra (Dec 23)