Hi, It's enabled by default if BIND is the right version nothing needs to be done. I found it kind of sad that the version of BIND that comes with the latest version of CentOS 4 is so old that it doesn't support DNSSEC. thanks, -Drew XLHost.com -----Original Message----- From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx Sent: Friday, April 30, 2010 1:07 PM To: CentOS mailing list Subject: DNSSEC Well, folks, There's an article on slashdot, <http://tech.slashdot.org/article.pl?sid=10/04/30/1258234> Excerpt: ...the coming milestone of May 5, at 17:00 UTC - at this time DNSSEC will be rolled out across all 13 root servers. Some Internet users, especially those inside corporations and behind smaller ISPs, may experience intermittent problems. The reason is that some older networking equipment is pre-configured to block any reply to a DNS request that exceeds 512 bytes in size. DNSSEC replies are typically four times as large. --- end excerpt --- I followed the link from the story to <https://www.dns-oarc.net/oarc/services/replysizetest>, a coordinating organization, and tried their test (as root): dig +short rs.dns-oarc.net txt And see that where I work, we're not ready. Is anyone following this, and/or have a HOWTO on enabling it for CentOS? mark (need to check this at home, too) _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos