[Dnsmasq-discuss] DNSSEC Switchover on 5th May 2010
Simon Kelley
simon at thekelleys.org.uk
Tue Apr 13 14:00:03 BST 2010
Jasvinder S. Bahra wrote:
> Everyone,
>
> However, I've come across an article
> (http://www.theregister.co.uk/2010/04/13/dnssec/) which suggests that there
> may be problems on the 5th May when the 13 root servers switch over to the
> DNSSEC protocol.
>
> I'm just posting this to see if anyone can tell me whether DNSMasq will be
> affected? I'm specifically interested in whether or not it's likely I'll
> have to reconfigure DNSMasq on the 5th May.
>
> Please note that I only have a basic understanding of how the DNS system
> works. I apologise if this is a nonsensical query.
>
>
It's a very sensible query. Some thought has gone into this, and the
conclusion is that all is fine with one possible exception: most
releases of dnsmasq will, by default, handle UDP packets up to 1280
bytes. That should be fine in most circumstances, but the recommendation
now is a limit of 4096 bytes.

The default was changed to 4096 in release 2.52. For earlier releases,
the same effect can be achieved by adding

    edns-packet-max=4096

to /etc/dnsmasq.conf

There's no need to wait until DNSSEC is introduced to make this change.

HTH

Simon.
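
Added example (not part of the original message and not dnsmasq project code): a shell check that reports the UDP packet limit a dnsmasq instance would use, taking the release defaults from the message above (1280 bytes before 2.52, 4096 from 2.52). The function names, the constructed sample config and the assumption that the last edns-packet-max line takes effect are this example's own.

```shell
#!/bin/sh
# Added example: which UDP size limit will this dnsmasq use?

# Print the last edns-packet-max value set in config file $1 (empty if none).
# Assumption: if the option is repeated, the last occurrence takes effect.
configured_edns_max() {
    sed -e 's/#.*//' "$1" | awk -F= '
        { gsub(/[ \t\r]/, "", $1); gsub(/[ \t\r]/, "", $2) }
        $1 == "edns-packet-max" && $2 ~ /^[0-9]+$/ { v = $2 }
        END { if (v != "") print v }'
}

# Release default as given in the message: 1280 before 2.52, 4096 from 2.52.
# $1 is a version string such as "2.45" or "2.52".
default_edns_max() {
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor%%[!0-9]*}
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 52 ]; }; then
        echo 4096
    else
        echo 1280
    fi
}

# Explicit setting if present, otherwise the release default.
effective_edns_max() {
    v=$(configured_edns_max "$1")
    if [ -n "$v" ]; then echo "$v"; else default_edns_max "$2"; fi
}

# Exit status 0 if the limit meets the recommended 4096 bytes, 1 otherwise.
check_edns_max() {
    limit=$(effective_edns_max "$1" "$2")
    if [ "$limit" -ge 4096 ]; then
        echo "OK: $1 (dnsmasq $2) limit is $limit bytes"
    else
        echo "LOW: $1 (dnsmasq $2) limit is $limit bytes; add edns-packet-max=4096"
        return 1
    fi
}

# Constructed sample: a pre-2.52 config where the option is only commented out.
conf=$(mktemp)
printf '%s\n' 'domain-needed' '#edns-packet-max=4096' > "$conf"
check_edns_max "$conf" 2.45 || true      # LOW: falls back to 1280
printf '%s\n' 'edns-packet-max=4096' >> "$conf"
check_edns_max "$conf" 2.45              # OK: explicit 4096
rm -f "$conf"
```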