[Pdns-announce] Repeated statement on non-impact of DNSSEC rollout on PowerDNS Software
bert.hubert at netherlabs.nl
Mon Apr 26 06:06:15 UTC 2010
Dear PowerDNS Users,
On May 5th of 2010, the last so-called "root servers" will gain DNSSEC
support. Due to some confusion and slightly unclear communication from the
root operators, fears have been raised that this rollout might impact
PowerDNS installations, since they currently lack DNSSEC support.
We made an initial statement that PowerDNS was not affected on March 19th on
the PowerDNS Users mailing list:
We now wish to further emphasise that NO impact is expected or even possible
on the PowerDNS Recursor and the PowerDNS Authoritative Server, from the
'signing of the root' that finishes on May 5th.
In other words, no action at all is required from PowerDNS users.
Further details can be found in the message linked above. The short version
is that since PowerDNS does not ask 'DNSSEC OK' questions, the responses it
receives are not altered by the rollout of DNSSEC.
Some other server implementations send out 'DNSSEC OK' questions by default,
and they might be impacted by large packets, fragmentation, EDNS0 blocking
etc. But not PowerDNS.
PS: we note that PowerDNS with DNSSEC support is now available for early
testing on http://www.powerdnssec.org/ Testing is progressing well, and will
lead to a stable release soon. However, we stress that this version is fully
optional, and not needed because of the signing of the root!
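
The 'DNSSEC OK' question mentioned above is a flag (the DO bit, RFC 3225) carried in the EDNS0 OPT record of a query. The following is an added example, not part of the original announcement and not PowerDNS code: it builds constructed sample queries and checks a wire-format query for the flag, which is one way to confirm what a given resolver actually sends. The function names, the query id and the name `example.com` are assumptions made for illustration.

```python
import struct

DO_BIT = 0x8000  # "DNSSEC OK" flag inside the OPT record's TTL field (RFC 3225)
OPT_TYPE = 41    # EDNS0 pseudo-record type (RFC 6891)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1, edns=False, do=False, udp_size=4096, qid=0x1234):
    """Build a constructed DNS query; with edns=True an OPT record is appended."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    if not edns:
        return header + question
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, DO_BIT if do else 0, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past the name at pos (a compression pointer ends it)."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + length

def query_edns_info(msg):
    """Return (has_edns, do_set, udp_size) for a wire-format DNS message."""
    _qid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == OPT_TYPE:
            return True, bool(ttl & DO_BIT), rclass
    return False, False, 512                   # no EDNS0: classic 512-byte UDP limit

if __name__ == "__main__":
    for label, q in [("plain", build_query("example.com")),
                     ("EDNS0 + DO", build_query("example.com", edns=True, do=True))]:
        print(label, query_edns_info(q))
```

A query for which `do_set` is false is answered without the additional DNSSEC records, whether or not the zone is signed.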