Enable DNSSEC validation on dnscache1 and dnscache2.bytemark.co.uk?


It would sure be nice to have DNSSEC validation on the Bytemark resolvers now that most(?) of the world are signing their zones. Something to consider in the near future?

But I see that you still run PowerDNS Recursor 3.6.2 on these servers, so I guess it depends on an update to PowerDNS 4.x. Or maybe to BIND or Unbound, which I believe both support DNSSEC validation in jessie.


I noticed this when doing a `dig +trace qabkgzfgcun.bytemark.co.uk. a` a few days ago.


+1 on this. I registered a domain via Mythic Beasts last week so it could use DNSSEC.


To be clear, these servers are for caching, not content DNS. Our content DNS servers do not support DNSSEC either, but that is a separate concern :slight_smile: </pedant>

DNSSEC for content DNS