From Fedora Project Wiki

Line 12: Line 12:


Is it already planned to get (part of) Fedora Infrastructure to use DNSSEC? This would be a nice thing to do. :-) --[[User:Till|Till]] 00:24, 17 December 2008 (UTC)
Is it already planned to get (part of) Fedora Infrastructure to use DNSSEC? This would be a nice thing to do. :-) --[[User:Till|Till]] 00:24, 17 December 2008 (UTC)
It would certainly be nice to have the Fedora domains DNSSEC signed.  There's a tool called zkt http://www.hznet.de/dns/zkt/ that's useful for maintaining DNSSEC signed domains.  [[User:Jcollie|JeffOllie]]

Revision as of 21:25, 19 January 2009

Can you coordinate with other dns server packages in fedora to support this if they support dnssec? In particular: pdns and maradns are both packaged.

How does this affect dnsmasq? Does it handle dnssec ok? libvirt makes heavy use of it.

- User:kevin

dnsmasq forwards all the dnssec data, but it does not support to verify it. Afaik it is also not possible to enable dnssec for hostnames that are configured in /etc/hosts or in the dnsmasq config file. --Till 10:33, 11 December 2008 (UTC)

I think that "invulnerable" is a little too strong and that it should say something like "greatly hardened"

- User:Ausil

Is it already planned to get (part of) Fedora Infrastructure to use DNSSEC? This would be a nice thing to do. :-) --Till 00:24, 17 December 2008 (UTC)

It would certainly be nice to have the Fedora domains DNSSEC signed. There's a tool called zkt http://www.hznet.de/dns/zkt/ that's useful for maintaining DNSSEC signed domains. JeffOllie