Home > Uncategorized > DNSSEC May Cause Problems On May 5

DNSSEC May Cause Problems On May 5

April 30th, 2010 04:37 admin Leave a comment Go to comments

An anonymous reader notes the coming milestone of May 5, at 17:00 UTC — at this time DNSSEC will be rolled out across all 13 root servers. Some Internet users, especially those inside corporations and behind smaller ISPs, may experience intermittent problems. The reason is that some older networking equipment is pre-configured to block any reply to a DNS request that exceeds 512 bytes in size. DNSSEC replies are typically four times as large. “DNSSEC is in fact already rolled out across most of the world’s 13 root servers… But to date… it would only have resulted in a slight lag in the loading of a web page for those with outdated network equipment. The beauty of DNS is that should a request made to one root server not receive a response, the DNS resolver on a user’s machine simply makes the same request along the line of the 13 root servers until it gets a satisfactory response. But on May 5, once all 13 root servers are live with the DNSSEC signatures, responses from all 13 root servers won’t make it back inside the corporate LAN on some older systems. … The problem may take several days to surface and be inconsistent from one user’s PC to the next. A user at one machine that hasn’t switched on his PC for two or three days will have no access to the internet. A user that left his machine on the night before will have some pages — and responses from DNS servers — cached on their machine, and will still have connectivity.” The article links a test site you can use ahead of time to check for any problems.

Source: DNSSEC May Cause Problems On May 5

Related Articles:

  1. Root DNS Zone Now DNSSEC Signed
  2. ARIN Implements DNSSEC
  3. DNSSEC Comes To .Net Zone Today
  4. The DNSSEC Chicken & Egg Challenge
  5. Dot-Org TLD Signed For DNSSEC
blog comments powered by Disqus