DNS.HE.NET Topics > General Questions & Suggestions

DNSSEC support?

(1/6) > >>

Does he.net support DNSSEC?

We have the following findings:-
$ dig +short rs.dns-oarc.net txt
"2001:470:0:c0::2 DNS reply size limit is at least 493"
"2001:470:0:c0::2 lacks EDNS, defaults to 512"
"Tested at 2010-10-02 17:16:18 UTC"

$ dig txt test.rs.ripe.net +short
" summary bs=512,rs=486,edns=0,do=0"
" DNS reply size limit is at least 486 bytes"
" lacks EDNS, defaults to 512"


That test is actually flawed, the recursors handle EDNS0.

As to DNSSEC, the software doesn't support it yet.

What software are you using for your resolvers? Bind and Unbound (two of the larger DNS resolvers) support DNSSEC without any problem, so I guess it's not one of those.
I'm asking because I have setup my own DNS (with DNSSEC) resolver last weekend on an old test machine that is usually powered down. It works without any problem, the only thing is that I need to leave this machine running (its just a home connection) and obviously this resolver is not using Google whitlist.
I'm looking for a resolver that has IPv6 address (for DHCPv6), is on the Google whitlist and supports DNSSEC. HE is only missing that last one..


--- Quote ---DNSSEC (timeframe, 3-6 months)
--- End quote ---
- Updated 08.01.2010 - dnsadmin@he.net

OK, it's 4.3 months later:  Any update?

Inquiring servers want to know!

Any word yet - now 7 months since August 1 which estimated 3-6 months?

I hve received complaints about some of my DNSSEC-enabled domains not being resolvable because some of their servers are not serving NSEC3 records (some => HE's servers)....

PS:  This message CC'ed to dns@he.net


[0] Message Index

[#] Next page

Go to full version