From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 19 14:59:40 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6EAD3106566B
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Apr 2010 14:59:40 +0000 (UTC)
	(envelope-from kraduk@googlemail.com)
Received: from mail-ew0-f224.google.com (mail-ew0-f224.google.com
	[209.85.219.224])
	by mx1.freebsd.org (Postfix) with ESMTP id F3C3F8FC16
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Apr 2010 14:59:39 +0000 (UTC)
Received: by ewy24 with SMTP id 24so1427911ewy.33
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Apr 2010 07:59:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=gamma;
	h=domainkey-signature:mime-version:received:in-reply-to:references
	:date:received:message-id:subject:from:to:cc:content-type;
	bh=bUWf3AAjgz0L2QyKqOgNg8dNGl/I/gvi2a13JSZj2yw=;
	b=mK4HPvubTkDLeMSglyA7shen6LIguRuQtK7de6bNhjLZlP0L4n6+H5p/XkDS2eYUh+
	TphjvwBHWZz2e5aI7sWyIqrC3MVtwxBv/zUUKiSs3kTysI8+G5nxNy7+MGYw0XK+pXwj
	3BJqI1jASpMCzmm5wWY2JGyzoB/KjzV0fWIaI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	b=PuvsDJ0+bUnq187gKNUumIlMOhG2ug/a4eoDGxpB+BY6CO9c8UnIZpE4590AyRZgRa
	Fu1QQ9zb3+iu+s+QIPSG2l+3AZVT2cP2ChzcqzdjVp4/YKAmFym940/CdYRMG7KAldET
	/3ZIBQMOIPfwbxRfTDIWUDMIbokZy0qFu0Jp8=
MIME-Version: 1.0
Received: by 10.239.165.129 with HTTP; Mon, 19 Apr 2010 07:59:38 -0700 (PDT)
In-Reply-To: <20100419145615.48204.qmail@joyce.lan>
References: <n2rd36406631004190412k9fea6e71i2b61d411fd7948@mail.gmail.com>
	<20100419145615.48204.qmail@joyce.lan>
Date: Mon, 19 Apr 2010 15:59:38 +0100
Received: by 10.239.180.19 with SMTP id f19mr496654hbg.91.1271689178670; Mon, 
	19 Apr 2010 07:59:38 -0700 (PDT)
Message-ID: <m2yd36406631004190759g4f1da008gc13d0c250ffde539@mail.gmail.com>
From: krad <kraduk@googlemail.com>
To: John Levine <johnl@iecc.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-questions@freebsd.org
Subject: Re: DJB and root ns server dnssec signing
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Apr 2010 14:59:40 -0000

On 19 April 2010 15:56, John Levine <johnl@iecc.com> wrote:

> I also use djbdns and don't expect any particular problems, since you
> don't get EDNS responses if you don't make EDNS queries.
>
> There's a one-line patch I can probably dig up which makes dnscache
> accept oversized responses.  Dunno if it would help, but it's unlikely
> to hurt.
>
> R's,
> John
>

I think watch i really need to do is find a root ns that is already serving
signed records then limit djb to that, and then i can do some testing. My
gut feeling is that it will be ok, but its no where near 90% let alone 100%
which is why im nervous. PR nightmare if it does go wrong