Date: Mon, 19 Apr 2010 15:59:38 +0100 From: krad <kraduk@googlemail.com> To: John Levine <johnl@iecc.com> Cc: freebsd-questions@freebsd.org Subject: Re: DJB and root ns server dnssec signing Message-ID: <m2yd36406631004190759g4f1da008gc13d0c250ffde539@mail.gmail.com> In-Reply-To: <20100419145615.48204.qmail@joyce.lan> References: <n2rd36406631004190412k9fea6e71i2b61d411fd7948@mail.gmail.com> <20100419145615.48204.qmail@joyce.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19 April 2010 15:56, John Levine <johnl@iecc.com> wrote: > I also use djbdns and don't expect any particular problems, since you > don't get EDNS responses if you don't make EDNS queries. > > There's a one-line patch I can probably dig up which makes dnscache > accept oversized responses. Dunno if it would help, but it's unlikely > to hurt. > > R's, > John > I think watch i really need to do is find a root ns that is already serving signed records then limit djb to that, and then i can do some testing. My gut feeling is that it will be ok, but its no where near 90% let alone 100% which is why im nervous. PR nightmare if it does go wrong
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m2yd36406631004190759g4f1da008gc13d0c250ffde539>