Preparing for upcoming DNSSEC changes on 5/5

Lightner, Jeff jlightner at water.com
Mon May 3 20:14:03 UTC 2010 

I posted a note just before this so not sure if you saw that.

In that I noted my set of EDNS seemed to be contra-indicated as default
is 4096.  Setting it to the lower value worked to set advertised value
but in turn the lower value reduced again so it seems one would never be
able to advertise the same value as the lower one.

-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org
[mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf
Of Kalman Feher
Sent: Monday, May 03, 2010 3:56 PM
To: bind-users at lists.isc.org
Subject: Re: Preparing for upcoming DNSSEC changes on 5/5


On 3/05/10 7:34 PM, "Lightner, Jeff" <jlightner at water.com> wrote:


> There is no EDNS entry in my named.conf.  Do I need one, given that
> above worked?
You probably should. Your resolver is saying its capable of handling
4096,
but apparently your network path may not support that. The changes on
the
5/5 will not require it however.
> 
> The article (apparently he got it from our common manager) is one I've
> not seen but I'm assuming it was The Register article or something
> referring to it.   Most of my reading since I sent the email suggests
as
> you did that I don't need to do anything and that the original article
> was written in an overly alarmist fashion.

Yes. We've had several customers contact us in a panic after reading
that
article. Most people will be fine. But there's nothing wrong with
learning
about the upcoming changes. Unfortunately articles like that do not
assist
in spreading accurate information.

> 
> Is there other testing I need to do?
No.
> 
> 
> -----Original Message-----
> From: bind-users-bounces+jlightner=water.com at lists.isc.org
> [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On
Behalf
> Of Alan Clegg
> Sent: Monday, May 03, 2010 12:23 PM
> To: bind-users at lists.isc.org
> Subject: Re: Preparing for upcoming DNSSEC changes on 5/5
> 
> On 5/3/2010 4:36 PM, Lightner, Jeff wrote:
> 
>> It sounds as if he read an article saying we have to implement DNSSEC
> on
>> our DNS servers or we'll quit working on 5/5?  Is that the case?
>> 
>> Also what is the drop dead date/time if so?  5/5 Midnight UTC?  Some
>> other time?
> 
> You don't need to do anything more than be sure that you have a clean
> network path.  There is nothing "to do" by 5/5 as long as the tests
that
> you say worked actually did work.
> 
> If you have additional information on "the article" that he read
> implying that more needs to be done, please provide a link.
> 
> Thanks,
> AlanC
>  
> Proud partner. Susan G. Komen for the Cure.
>  
> Please consider our environment before printing this e-mail or
attachments.
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
confidential
> information and is for the sole use of the intended recipient(s). If
you are
> not the intended recipient, any disclosure, copying, distribution, or
use of
> the contents of this information is prohibited and may be unlawful. If
you
> have received this electronic transmission in error, please reply
immediately
> to the sender that you have received the message in error, and delete
it.
> Thank you.
> ----------------------------------
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Kal Feher 

_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
 
Proud partner. Susan G. Komen for the Cure.
 
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

More information about the bind-users mailing list