Possible DNSSEC Problems on May 5

internet users may have connection problems on May 5, at 17:00 UTC, when DNSSEC will be rolled out across all 13 web root servers.

Bruce Tonkin, chief strategy officer at Melbourne IT, says:

“The problem may take several days to surface and be inconsistent from one user’s PC to the next. A user at one machine that hasn’t switched on his PC for two or three days will have no access to the internet. A user that left his machine on the night before will have some pages – and responses from DNS servers – cached on their machine, and will still have connectivity.”

Tonkin recommended network managers run a series of simple online tests to ensure their network can handle the larger DNS responses:

A reply-size test available at DNS-OARC:
https://www.dns-oarc.net/oarc/services/replysizetest

Ripe Labs’ ‘Test your DNS Resolver’
http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues

Post a Reply

Your email address will not be published. Required fields are marked *

Top