This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNSSec May 5th

With the change coming on May 5th; DNSSEC - The DNS Security Extensions - Protocol Home Page.

I'm assuming that the packet filter we won't have problems since the default Service Definition for DNS port 53 is TCP/UDP already.

But I thought I would ask about

1) The DNS proxy (I think it's DNS Masq correct me if I'm mistaken).

2) IPS, is there anything in there that would freak out if the TCP packets of greater than 512k occur.

We use opendns as our default upstream provider so I'm not sweating it but I thought the question worthy of discussion here.

This thread was automatically locked due to age.

Parents

0 dschmidl over 15 years ago

Hi folks,

please follow this link for more information:

https://support.astaro.com/support/index.php/DNS_Proxy_Fails_DNSSEC_packet_size_test

Cheers
Dominic
Cancel
Vote Up 0 Vote Down

Cancel
0 profesor over 15 years ago in reply to dschmidl

Hi!
here's a link for one useful tool
Testing your resolver for DNS reply size issues | RIPE Labs
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 profesor over 15 years ago in reply to dschmidl

Hi!
here's a link for one useful tool
Testing your resolver for DNS reply size issues | RIPE Labs
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 profesor over 15 years ago in reply to profesor

For those who want more information..

http://www.ripe.net/training/dnssec/material/dnssec.pdf
Cancel
Vote Up 0 Vote Down

Cancel