On Fri, Nov 20, 2009 at 9:09 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: > On Fri, 20 Nov 2009, Stephen John Smoogen wrote: > >> On Fri, Nov 20, 2009 at 8:13 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >> > On Fri, 20 Nov 2009, Stephen John Smoogen wrote: >> > >> >> On Fri, Nov 20, 2009 at 3:09 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >> >> > Nothing's ever easy, is it? >> >> > >> >> > So I got pdns up and going this afternoon with it's geo back end. It's >> >> > working as expected and everything is good. The problem is pdns's dnssec >> >> > implementation is... not particularly mature or really even usable AFAIK >> >> > with geodns. >> >> > >> >> > Anyone out there doing both geo location and dnssec with their name >> >> > servers? >> >> >> >> Not really. Most places I know do not do dns-sec (either waiting until >> >> .com/.org is signed or until its required) or if they are doing >> >> dns-sec aren't doing geoip. The solutions that comes to mind would be >> >> to have the geoip code in an unsigned sub-zone. Its not great but >> >> until 2011 I don't see it being much better. >> >> >> > >> > Ugh, I really don't want to have to choose, nb did great work with getting >> > dnssec going. >> >> I would only do it for a subzone and not for the main one. Basically >> have ns1/ns2 have the signed zones and the subzones on another one. >> > > So, for example 'fedoraproject.org' wouldn't be signed, but > 'us.fedoraproject.org' would be? I *think* that's possible but I haven't > gotten it to work. If I can get that to work though I guess that makes > sense because A) it'd work for now and B) I'm sure over time pdns's dnssec > will continue to mature. I meant more like fedoraproject.org would be signed xxx.mirrors.fedoraproject.org wouldn't be. But now I see that doens't cover the items we have. -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
