On Thu, 5 Mar 2009, Chris Adams wrote:
Once upon a time, Paul Wouters <paul@xxxxxxxxxxxxx> said:
Adam Tkac and I maintain the two recursive nameservers in Fedora. We need
to decide before the beta freeze whether we want recursing caching
nameservers to enable or disable DNSSEC per default.
Given the possible impact, IMHO it would be better to do this much
earlier in the release cycle.
I don't think there's any rush to support DNSSEC resolvers, since
there's little support for DNSSEC authoritative data in the real world.
http://www.xelerance.com/dnssec/
The map is missing .gov (as I don't know yet how to colour the US for that)
There are currently two gTLD's, 5 ccTLD's, 56 in-arpa's and the ENUM
zones that are DNSSEC signed. I am expecting to see most TLD's support
DNSSEC in the next year or two, with the earlier ones (including .org)
tentatively happening in 6-12 months. This is based on my experience with
the DHS DNSSEC Deployment Initiative, IETF, DNS-OARC and ICANN meetings
that I've been to and where I talked to the TLD people.
See further some of my slide decks at http://www.xelerance.com/engagements/
Paul
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
