Good afternoon,
I wonder if the link Peplink balancer implements DNSSEC and if so, how.
DNSSEC is on our roadmap. Currently, it is not supported.
This is not good news. According to COMCAST- http://dns.comcast.net/index.php -
"DNSSEC Rollout Started
We are now migrating all customers to DNSSEC-validating servers. This will happen automatically via DHCP updates between October 2010 and March 2011. "
This took place in FLORIDA on Tuesday OCT 18 and my Peplink has not connected since. I am currently bypassing the Peplink and waiting for a my support ticket to be answered.
I second the request for DNSSec. It’ll be a necessity if you want to sell to the U.S. Government.
DNS issues for a Balance 310 hardware revision 2 according to http://n1.netalyzr.icsi.berkeley.edu:
- Your DNS resolver is unable to receive a large (>1500 byte) DNS response successfully, even though it advertises itself as EDNS-enabled.
- The resolver at 192.168.254.254 (pdns32) could not process the following tested types:
Medium (~1300B) TXT records
Large (~3000B) TXT records
Large (~3000B) TXT records fetched with EDNS0 - It does not validate DNSSEC.
- It does not wildcard NXDOMAIN errors.
Besides implementing DNSSEC in the DNS resolver, also do implement DNSSEC in the authoritative nameserver.
.nl tld has already almost 12.000 DNSSEC signed zones, .com is around 14.000.
Please add DNS SEC domain name signing soon, so we can sign our own zones that are hosted by the Peplink (pdns32) domain name service.
How soon can we expect DNSSec support. I’m particularly interested in the Balance 210’s internal resolver supporting signed records.
Thanks,
Tom
We’ve been asking for DNSSEC for years. Please implement DNSSEC and TSIG