Enable DNSSEC validation on dnscache1 and dnscache2.bytemark.co.uk?


#1

It would sure be nice to have DNSSEC validation on the Bytemark resolvers now that most(?) of the world are signing their zones. Something to consider in the near future?

But I see that you still run PowerDNS Recursor 3.6.2 on these servers, so I guess it depends on an update to PowerDNS 4.x. Or maybe to BIND or Unbound, which I believe both support DNSSEC validation in jessie.


#2

I noticed this when doing a `dig +trace qabkgzfgcun.bytemark.co.uk. a` a few days ago.


#3

+1 on this. I registered a domain via Mythic Beasts last week so it could use DNSSEC.


#4

To be clear, these servers are for caching, not content DNS. Our content DNS servers do not support DNSSEC either, but that is a separate concern :) </pedant>

