Preparing for upcoming DNSSEC changes on 5/5

Kalman Feher kalman.feher at
Mon May 3 19:56:25 UTC 2010

On 3/05/10 7:34 PM, "Lightner, Jeff" <jlightner at> wrote:

> There is no EDNS entry in my named.conf.  Do I need one, given that
> above worked?
You probably should. Your resolver is saying its capable of handling 4096,
but apparently your network path may not support that. The changes on the
5/5 will not require it however.
> The article (apparently he got it from our common manager) is one I've
> not seen but I'm assuming it was The Register article or something
> referring to it.   Most of my reading since I sent the email suggests as
> you did that I don't need to do anything and that the original article
> was written in an overly alarmist fashion.

Yes. We've had several customers contact us in a panic after reading that
article. Most people will be fine. But there's nothing wrong with learning
about the upcoming changes. Unfortunately articles like that do not assist
in spreading accurate information.

> Is there other testing I need to do?
> -----Original Message-----
> From: at
> [ at] On Behalf
> Of Alan Clegg
> Sent: Monday, May 03, 2010 12:23 PM
> To: bind-users at
> Subject: Re: Preparing for upcoming DNSSEC changes on 5/5
> On 5/3/2010 4:36 PM, Lightner, Jeff wrote:
>> It sounds as if he read an article saying we have to implement DNSSEC
> on
>> our DNS servers or we'll quit working on 5/5?  Is that the case?
>> Also what is the drop dead date/time if so?  5/5 Midnight UTC?  Some
>> other time?
> You don't need to do anything more than be sure that you have a clean
> network path.  There is nothing "to do" by 5/5 as long as the tests that
> you say worked actually did work.
> If you have additional information on "the article" that he read
> implying that more needs to be done, please provide a link.
> Thanks,
> AlanC
> Proud partner. Susan G. Komen for the Cure.
> Please consider our environment before printing this e-mail or attachments.
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
> information and is for the sole use of the intended recipient(s). If you are
> not the intended recipient, any disclosure, copying, distribution, or use of
> the contents of this information is prohibited and may be unlawful. If you
> have received this electronic transmission in error, please reply immediately
> to the sender that you have received the message in error, and delete it.
> Thank you.
> ----------------------------------
> _______________________________________________
> bind-users mailing list
> bind-users at

Kal Feher 

More information about the bind-users mailing list