On Fri, Nov 20, 2009 at 8:13 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: > On Fri, 20 Nov 2009, Stephen John Smoogen wrote: > >> On Fri, Nov 20, 2009 at 3:09 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >> > Nothing's ever easy, is it? >> > >> > So I got pdns up and going this afternoon with it's geo back end. It's >> > working as expected and everything is good. The problem is pdns's dnssec >> > implementation is... not particularly mature or really even usable AFAIK >> > with geodns. >> > >> > Anyone out there doing both geo location and dnssec with their name >> > servers? >> >> Not really. Most places I know do not do dns-sec (either waiting until >> .com/.org is signed or until its required) or if they are doing >> dns-sec aren't doing geoip. The solutions that comes to mind would be >> to have the geoip code in an unsigned sub-zone. Its not great but >> until 2011 I don't see it being much better. >> > > Ugh, I really don't want to have to choose, nb did great work with getting > dnssec going. I would only do it for a subzone and not for the main one. Basically have ns1/ns2 have the signed zones and the subzones on another one. -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
