DNSSEC HW Support
Gary Wallis
wgg1970 at gmail.com
Tue Mar 16 14:39:21 UTC 2010
> I'd like to get your feedback on the following thoughts regarding DNSSEC HW support.
>
> Any layer 2 or 3 devices forwarding frames or packets should not be affected by the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or the query size (large or small).
>
> Layer 4 devices (smart switches) should not be affected by the implementation of DNSSEC using the same logic.
>
> My thoughts are these products simply forward data based on an frame, IP address, or protocol and should not be affected by the implementation of DNSSEC. Would you agree?
>
> Thanks in advance.
>
I think you are basically correct except for one very important caveat:
DNS BGP anycasting (in wide spread use by many large operations,) where
you might need to sign zones on the fly with special crypto hardware.
More information about the bind-users
mailing list