Peplink - dnssec


#1

Good afternoon,

I wonder if the link Peplink balancer implements DNSSEC and if so, how.


#2

DNSSEC is on our roadmap. Currently, it is not supported.


#3

This is not good news. According to COMCAST- http://dns.comcast.net/index.php -

"DNSSEC Rollout Started

We are now migrating all customers to DNSSEC-validating servers. This will happen automatically via DHCP updates between October 2010 and March 2011. "

This took place in FLORIDA on Tuesday OCT 18 and my Peplink has not connected since. I am currently bypassing the Peplink and waiting for a my support ticket to be answered.


#4

I second the request for DNSSec. It’ll be a necessity if you want to sell to the U.S. Government.


#5

DNS issues for a Balance 310 hardware revision 2 according to http://n1.netalyzr.icsi.berkeley.edu:

  1. Your DNS resolver is unable to receive a large (>1500 byte) DNS response successfully, even though it advertises itself as EDNS-enabled.
  2. The resolver at 192.168.254.254 (pdns32) could not process the following tested types:
    Medium (~1300B) TXT records
    Large (~3000B) TXT records
    Large (~3000B) TXT records fetched with EDNS0
  3. It does not validate DNSSEC.
  4. It does not wildcard NXDOMAIN errors.

#6

Besides implementing DNSSEC in the DNS resolver, also do implement DNSSEC in the authoritative nameserver.

.nl tld has already almost 12.000 DNSSEC signed zones, .com is around 14.000.


#7

Please add DNS SEC domain name signing soon, so we can sign our own zones that are hosted by the Peplink (pdns32) domain name service.


#8

How soon can we expect DNSSec support. I’m particularly interested in the Balance 210’s internal resolver supporting signed records.

Thanks,
Tom


#9

We’ve been asking for DNSSEC for years. Please implement DNSSEC and TSIG