DNSSEC for content DNS


#1

Is there any work being done at the moment on this?

I notice that there is a patch for tinydns, which might be useful if you weren’t already aware of it.


#2

This is of course up to Bytemark to decide, but I would seriously consider moving on to a maintained DNS server codebase instead. Modern DNS servers make DNSEC deployment easy and almost fool proof. I seriously doubt that can be said about tinydns with the DNSSEC patch.

I also note that djbdns isn’t part of Debian stable anymore. Yet another reason to consider alternatives.


#3

A good point. I imagine such a migration would be a fairly mammoth undertaking, though.
Personally I don’t care too much what DNS server Bytemark uses, but it would be good to be able to use DNSSEC one way or another,