[dns-operations] More DNSSEC validators to expect
Jan Včelak
jan.vcelak at nic.cz
Tue May 24 08:22:45 UTC 2016
>> New version of Linux' systemd has DNSEC validation enabled by default:
>>
>> http://news.softpedia.com/news/systemd-230-launches-with-dnssec-enabled-by-default-in-systemd-resolved-more-504339.shtml
>
> Which sends out all application queries over all interfaces to all
> DNS servers, and uses the first answer that comes back irrespective of
> DNSSEC status.
Let's call it "Opportunistic DNSSEC".
I wonder what is the purpose of DNSSEC=allow-downgrade. Maybe just to
verify that DNSSEC=true is a bad default in many networks and therefore
a bad default for regular users.
I really like this effort of systemd-resolved. But I think that
something similar to dnssec-trigger will be needed in the foreseeable
future anyway.
Jan
More information about the dns-operations
mailing list