DNS.HE.NET Topics > General Questions & Suggestions

DNSSEC support?

woosingwoo:
Does he.net support DNSSEC?

We have the following findings:-
$ dig +short rs.dns-oarc.net txt
rst.x479.rs.dns-oarc.net.
rst.x488.x479.rs.dns-oarc.net.
rst.x493.x488.x479.rs.dns-oarc.net.
"2001:470:0:c0::2 DNS reply size limit is at least 493"
"2001:470:0:c0::2 lacks EDNS, defaults to 512"
"Tested at 2010-10-02 17:16:18 UTC"

$ dig txt test.rs.ripe.net +short
rst.x477.rs.ripe.net.
rst.x481.x477.rs.ripe.net.
rst.x486.x481.x477.rs.ripe.net.
"216.66.38.58 summary bs=512,rs=486,edns=0,do=0"
"216.66.38.58 DNS reply size limit is at least 486 bytes"
"216.66.38.58 lacks EDNS, defaults to 512"

Thanks

kcochran:
That test is actually flawed; the recursors handle EDNS0.

As to DNSSEC, the software doesn't support it yet.

chiel:
What software are you using for your resolvers? BIND and Unbound (two of the larger DNS resolvers) support DNSSEC without any problem, so I guess it's not one of those.
I'm asking because I set up my own DNS (with DNSSEC) resolver last weekend on an old test machine that is usually powered down. It works without any problem; the only thing is that I need to leave this machine running (it's just a home connection), and obviously this resolver is not on the Google whitelist.
I'm looking for a resolver that has an IPv6 address (for DHCPv6), is on the Google whitelist and supports DNSSEC. HE is only missing that last one.

snarked:

--- Quote ---DNSSEC (timeframe, 3-6 months)
--- End quote ---
- Updated 08.01.2010 - dnsadmin@he.net

OK, it's 4.3 months later:  Any update?

Inquiring servers want to know!

snarked:
Any word yet - now 7 months since August 1 which estimated 3-6 months?

I have received complaints about some of my DNSSEC-enabled domains not being resolvable because some of their servers are not serving NSEC3 records (some => HE's servers)....


PS:  This message CC'ed to dns@he.net
