[Dnsmasq-discuss] DNSSEC Switchover on 5th May 2010
simon at thekelleys.org.uk
Tue Apr 13 14:00:03 BST 2010
Jasvinder S. Bahra wrote:
> However, i've come across an article
> (http://www.theregister.co.uk/2010/04/13/dnssec/) which suggests that there
> may be problems on the 5th May when the 13 root servers switch over to the
> DNSSEC protocol.
> I'm just posting this to see if anyone can tell me whether DNSMasq will be
> affected? I'm specifically interested in whether or not its likely i'll
> have to reconfigure DNSMasq on the 5th May.
> Please note that I only have a basic understanding of how the the DNS system
> works. I apologise if this is a nonsensical query.
It's a very sensible query. Some thought has gone into this, and the
conclusion is that all is fine with one possible exception: most
releases of dnsmasq will, by default, handle UDP packets up to 1280
bytes. That should be fine in most circumstances, but the recommendation
now is a limit of 4096 bytes.
The default was changed to 4096 in release 2.52. For earlier releases,
the same effect can be achieved by adding
There's no need to wait until DNSSEC is introduced to make this change.
More information about the Dnsmasq-discuss