On Wed, Mar 04, 2009 at 11:20:30PM -0500, Paul Wouters wrote: > - DNSSEC requires EDNS0 and stupid firewall administrators might be blocking > TCP port 53 and UDP packets > 512 bytes, possibly causing DNS problems if > these are located in front of DNSSEC capable resolvers. Also some commercial firewalls have issues with their "DNS protection" features enabled[1]. Perhaps an effort could be made to document various common EDNS related issues (in the case above, disabling SmartDefense) to help administrators work around these inevitable issues. I've contacted remote hostmasters to ask them to adjust their configurations before -- more hands using these features should help to slowly get everyone else on board... Ray [1]: http://lists.virus.org/fw1-0901/msg00014.html -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
