On Wed, Mar 4, 2009 at 11:20 PM, Paul Wouters <paul@xxxxxxxxxxxxx> wrote: [snip] > - DNSSEC requires EDNS0 and stupid firewall administrators might be blocking > TCP port 53 and UDP packets > 512 bytes, possibly causing DNS problems if > these are located in front of DNSSEC capable resolvers. > - Some NAT router brands drop DNS packets with DNSSEC options enabled. If > using a cheap NAT router as forwarder for your DNSSEC enabled Fedora > machine, DNS connectivity might cause intermittent problems. These two will never change until something breaks in response to them. The only reasons to defer with respect to these issues that I can think of are: (1) DNSSEC might never happen and Fedora could just skip the feature (2) Deferring could allow coordinated adoption with other operating systems; which would make the problem more clearly a nat/firewall issue rather than a Fedora issue. Neither of these are realistic, so I don't think those problems should be considered blocking. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
