Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNSSEC Implementations

From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 22 Dec 2010 13:40:13 -0600
My only anecdote thus far is when we did 2008R2 and upgraded our last DC, we broke NIH.GOV lookups due to EDNS0 / 
RFC2671 being turned on by default. http://support.microsoft.com/kb/832223;  Those are my favorite kind of errors:  
'intermittent network issues' in departments fairly removed from the time of configuration change.

I half expect more things to go the way chome plop in internal resolvers to help users debug issues.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Allen 
Barrett
Sent: Wednesday, December 22, 2010 1:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DNSSEC Implementations

We've all got to do it sooner or later.  I've been resisting, but I'll have to bite the bullet.  We're a Microsoft 
shop...   I'd be interested in hearing any anecdotal posts from others running MS DNS servers....
On Wed, Dec 22, 2010 at 1:18 PM, Martin Manjak <mm376 () albany edu<mailto:mm376 () albany edu>> wrote:
We are in the process of planning for our DNSSEC implementation.

First, is there a separate list for .edus that are rolling this out?

If not, and the topic belongs here, I would like to hear from any
schools that have deployed it, or are planning to deploy it.

Marty

--
Martin Manjak
Information Security Officer
University at Albany
CISSP, GSEC, GCWN

"What information consumes...is the attention of its recipients."
Herbert Simon, 1971



--
Allen Barrett
IT Security and Systems Administrator
Harding University
Admin 304
(501) 279-4198
Previous By Date Next
Previous By Thread Next

Current thread: