[Dnsmasq-discuss] DNSSEC Switchover on 5th May 2010

Simon Kelley simon at thekelleys.org.uk
Tue Apr 13 14:00:03 BST 2010


Jasvinder S. Bahra wrote:
> Everyone,
> 
> However, I've come across an article 
> (http://www.theregister.co.uk/2010/04/13/dnssec/) which suggests that there 
> may be problems on the 5th May when the 13 root servers switch over to the 
> DNSSEC protocol.
> 
> I'm just posting this to see if anyone can tell me whether DNSMasq will be 
> affected?  I'm specifically interested in whether or not it's likely I'll 
> have to reconfigure DNSMasq on the 5th May.
> 
> Please note that I only have a basic understanding of how the DNS system 
> works.  I apologise if this is a nonsensical query.
> 
>

It's a very sensible query. Some thought has gone into this, and the
conclusion is that all is fine with one possible exception: most
releases of dnsmasq will, by default, handle UDP packets up to 1280
bytes. That should be fine in most circumstances, but the recommendation
now is a limit of 4096 bytes.

The default was changed to 4096 in release 2.52. For earlier releases,
the same effect can be achieved by adding

edns-packet-max=4096

to /etc/dnsmasq.conf

There's no need to wait until DNSSEC is introduced to make this change.


HTH


Simon.
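
An added example, not part of the original message or of dnsmasq itself: a shell check that reports the EDNS UDP limit a given dnsmasq release and configuration file will end up with, using the defaults stated in the reply above. It assumes every release before 2.52 defaults to 1280 bytes (the reply says "most releases"), that the last edns-packet-max line wins, and that included files (conf-file, conf-dir) are not followed; the function names are hypothetical.

```shell
#!/bin/sh
# effective_edns_max VERSION CONF_FILE
# VERSION is MAJOR.MINOR as reported by `dnsmasq --version`, e.g. 2.51.
# Prints the UDP packet limit in bytes that this install would use.
effective_edns_max() {
    version=$1
    conf=$2
    major=${version%%.*}
    rest=${version#*.}
    minor=${rest%%[!0-9]*}          # "51rc1" -> "51"

    # Defaults taken from the reply: 4096 from release 2.52, 1280 before
    # (assumption: applied to every earlier release).
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "${minor:-0}" -ge 52 ]; }; then
        default=4096
    else
        default=1280
    fi

    # An explicit, uncommented edns-packet-max=N overrides the default.
    # Assumption: when the option is repeated, the last line wins.
    configured=$(sed -n \
        's/^[[:space:]]*edns-packet-max[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)

    echo "${configured:-$default}"
}

# needs_edns_change VERSION CONF_FILE
# Succeeds (exit 0) when the effective limit is below the recommended 4096.
needs_edns_change() {
    [ "$(effective_edns_max "$1" "$2")" -lt 4096 ]
}

# Constructed sample config: the only edns-packet-max line is commented out,
# so the release default applies.
sample=$(mktemp)
printf '%s\n' 'domain-needed' '#edns-packet-max=4096' > "$sample"
for v in 2.51 2.52; do
    if needs_edns_change "$v" "$sample"; then
        echo "dnsmasq $v: $(effective_edns_max "$v" "$sample") bytes, add edns-packet-max=4096"
    else
        echo "dnsmasq $v: $(effective_edns_max "$v" "$sample") bytes, no change needed"
    fi
done
rm -f "$sample"
```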




