DNSSEC HW Support

Gary Wallis wgg1970 at gmail.com
Tue Mar 16 14:39:21 UTC 2010


> I'd like to get your feedback on the following thoughts regarding DNSSEC HW support.
> 
> Any layer 2 or 3 devices forwarding frames or packets should not be affected by the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or the query size (large or small).
> 
> Layer 4 devices (smart switches) should not be affected by the implementation of DNSSEC using the same logic.
> 
> My thoughts are these products simply forward data based on an frame, IP address, or protocol and should not be affected by the implementation of DNSSEC.  Would you agree?
> 
> Thanks in advance.
> 

I think you are basically correct except for one very important caveat:

DNS BGP anycasting (in wide spread use by many large operations,) where 
you might need to sign zones on the fly with special crypto hardware.



More information about the bind-users mailing list