Dear PowerDNS Users, On May 5th of 2010, the last so called "root server" will gain DNSSEC support. Due to some confusion and slightly unclear communication from the root operators, fears have been raised that this rollout might impact PowerDNS installations, since they currently lack DNSSEC support.
We made an initial statement that PowerDNS was not affected on March 19th on the PowerDNS Users mailing list: http://mailman.powerdns.com/pipermail/pdns-users/2010-March/006610.html We now wish to further emphasise that NO impact is expected or even possible on the PowerDNS Recursor and the PowerDNS Authoritative Server, from the 'signing of the root' that finishes on May 5th. In other words, no action at all is required from PowerDNS users. Further details can be found in the message linked above. The short version is that since PowerDNS does not ask 'DNSSEC OK' question, the responses it receive are not altered by the rollout of DNSSEC. Some other server implementations send out 'DNSSEC OK' questions by default, and they might be impacted by large packets, fragmentation, EDNS0 blocking etc. But not PowerDNS. Kind regards, Bert Hubert PowerDNS PS: we note that PowerDNS with DNSSEC support is now available for early testing on http://www.powerdnssec.org/ Testing is progressing well, and will lead to a stable release soon. However, we stress that this version is fully optional, and not needed because of the signing of the root! _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users