Slashdot Mirror


DNSSEC May Cause Problems On May 5

An anonymous reader notes the coming milestone of May 5, at 17:00 UTC — at this time DNSSEC will be rolled out across all 13 root servers. Some Internet users, especially those inside corporations and behind smaller ISPs, may experience intermittent problems. The reason is that some older networking equipment is preconfigured to block any reply to a DNS request that exceeds 512 bytes in size. DNSSEC replies are typically four times as large. "DNSSEC is in fact already rolled out across most of the world's 13 root servers. ... But to date ... it would only have resulted in a slight lag in the loading of a web page for those with outdated network equipment. The beauty of DNS is that should a request made to one root server not receive a response, the DNS resolver on a user's machine simply makes the same request along the line of the 13 root servers until it gets a satisfactory response. But on May 5, once all 13 root servers are live with the DNSSEC signatures, responses from all 13 root servers won't make it back inside the corporate LAN on some older systems. ... The problem may take several days to surface and be inconsistent from one user's PC to the next. A user at one machine who hasn't switched on his PC for two or three days will have no access to the Internet. A user who left his machine on the night before will have some pages — and responses from DNS servers — cached on his machine, and will still have connectivity." The article links a test site you can use ahead of time to check for any problems.
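An added example, not taken from the article or the thread, that models the failure the summary describes: a resolver that advertises a large EDNS0 buffer with the DO bit gets a signed reply that a 512-byte-limited device silently drops, while a resolver advertising 512 gets a truncated reply and can fall back to TCP. The function names and the reply sizes are assumptions made for the illustration.

```python
import struct

LEGACY_LIMIT = 512  # classic DNS-over-UDP ceiling that old devices enforce

def encode_name(name):
    """Encode a domain name in DNS wire format ('.' is the root)."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, qid=0x1234, edns_size=None, do=False):
    """Build a DNS query; if edns_size is set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    if not edns_size:
        return header + question
    flags = 0x8000 if do else 0  # DO ("DNSSEC OK") bit in the OPT TTL field
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL = flags, RDLEN 0
    return header + question + b"\x00" + struct.pack("!HHIH", 41, edns_size, flags, 0)

def advertised_size(query):
    """Return (udp_size, do_bit) a query advertises; (512, False) without EDNS0."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos]:            # skip the question name's labels
        pos += query[pos] + 1
    pos += 1 + 4                 # name terminator, then QTYPE and QCLASS
    if arcount and query[pos] == 0:
        rtype, size, flags = struct.unpack("!HHI", query[pos + 1:pos + 9])
        if rtype == 41:
            return size, bool(flags & 0x8000)
    return LEGACY_LIMIT, False

def path_outcome(query, unsigned_len, signed_len, device_limit=LEGACY_LIMIT):
    """Model one UDP exchange through a device that drops oversized replies."""
    size, do = advertised_size(query)
    reply_len = signed_len if do else unsigned_len  # signatures only sent if DO set
    if reply_len > size:
        return "truncated"  # server sets TC, resolver can retry over TCP
    if reply_len > device_limit:
        return "dropped"    # reply never arrives, resolver just times out
    return "delivered"

# Constructed sizes: 300-byte unsigned reply, 2048-byte signed reply (4 x 512).
# QTYPE 48 is DNSKEY, queried at the root.
if __name__ == "__main__":
    for label, q in [("no EDNS0", build_query(".", 48)),
                     ("EDNS0 4096 + DO", build_query(".", 48, edns_size=4096, do=True)),
                     ("EDNS0 512 + DO", build_query(".", 48, edns_size=512, do=True))]:
        print(f"{label:16} -> {path_outcome(q, 300, 2048)}")
```
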

  1. Jeez, And the day after by coniferous · · Score: 3, Funny

    And the day after Star Wars Day too... We are going to have some seriously bipolar geeks by the time this is all done.

  2. Be happy by Anonymous Coward · · Score: 2, Funny

    Now you will have an excuse to replace all that crappy old networking equipment "because it does not work with the new secure internet".

    1. Re:Be happy by WrongSizeGlass · · Score: 2, Funny

      Now you will have an excuse to replace all that crappy old networking equipment "because it does not work with the new secure internet".

      I still support 7-bit ASCII, you insensitive clod!

    2. Re:Be happy by OzPeter · · Score: 2, Funny

      Now you will have an excuse to replace all that crappy old networking equipment "because it does not work with the new secure internet".

      I still support 7-bit ASCII, you insensitive clod!

      7 bit ASCII?!??!?! Geez .. get off my lawn .. it's Baudot or nothing!!

      --
      I am Slashdot. Are you Slashdot as well?
    3. Re:Be happy by Anonymous Coward · · Score: 1, Funny

      You have Baudot?

      You lucky bastard, all I've got is ones and zeroes.

    4. Re:Be happy by OzPeter · · Score: 4, Funny

      You have Baudot?

      You lucky bastard, all I've got is ones and zeroes.

      Um .. Baudot *is* ones and zeroes.

      --
      I am Slashdot. Are you Slashdot as well?
    5. Re:Be happy by Anonymous Coward · · Score: 1, Funny

      Ones and zeroes?! Ones and zeroes?!

      I'm making do with a stick and a hoop here, you jammy git!

    6. Re:Be happy by Anonymous Coward · · Score: 2, Funny

      You have ones? You lucky bastard, all I've got is a zero! Yes, only one!

    7. Re:Be happy by Anonymous Coward · · Score: 1, Funny

      You have ones? You lucky bastard, all I've got is a zero! Yes, only one!

      Then you have one!

  3. Family Guy by Anonymous Coward · · Score: 0, Funny

    Read Chris Griffin's of Comcast's response in the DSLReports thread on this topic
    ^^^^^^^^^^^^^^^^^^^^

    I'll bet he catches hell over his name a lot.

  4. idiot article by Gothmolly · · Score: 2, Funny

    Not everyone runs Windows^Wa DNS cache, you insensitive clod!

    --
    I want to delete my account but Slashdot doesn't allow it.
  5. That's okay by LordNimon · · Score: 5, Funny

    We can celebrate Sync-o de Mayo!

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
  6. Re:So what do I do? by Fnord666 · · Score: 3, Funny

    I ran the command on the test page and the results are

    C:\Documents and Settings\root\Desktop>dig +short rs.dns-oarc.net txt
    'dig' is not recognized as an internal or external command,
    operable program or batch file.


    What does that mean?

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  7. Simple solution ... by PPH · · Score: 3, Funny

    Grab a copy of the DNS namespace and load it into /etc/hosts.

    --
    Have gnu, will travel.