On Sat, Nov 21, 2009 at 1:18 PM, Stephen John Smoogen <smooge@xxxxxxxxx> wrote: > On Fri, Nov 20, 2009 at 8:13 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >> On Fri, 20 Nov 2009, Stephen John Smoogen wrote: >> >>> On Fri, Nov 20, 2009 at 3:09 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >>> > Nothing's ever easy, is it? >>> > >>> > So I got pdns up and going this afternoon with it's geo back end. It's >>> > working as expected and everything is good. The problem is pdns's dnssec >>> > implementation is... not particularly mature or really even usable AFAIK >>> > with geodns. >>> > >>> > Anyone out there doing both geo location and dnssec with their name >>> > servers? >>> >>> Not really. Most places I know do not do dns-sec (either waiting until >>> .com/.org is signed or until its required) or if they are doing >>> dns-sec aren't doing geoip. The solutions that comes to mind would be >>> to have the geoip code in an unsigned sub-zone. Its not great but >>> until 2011 I don't see it being much better. >>> >> >> Ugh, I really don't want to have to choose, nb did great work with getting >> dnssec going. > > I would only do it for a subzone and not for the main one. Basically > have ns1/ns2 have the signed zones and the subzones on another one. Surely this is going to increase the time needed for clients to perform DNS lookups on the content we got GEO-Located (i.e. fedoraproject.org/admin.fedoraproject.org) - Nigel _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list