[dns-operations] More DNSSEC validators to expect
jan.vcelak at nic.cz
Tue May 24 08:22:45 UTC 2016
>> New version of Linux' systemd has DNSEC validation enabled by default:
> Which sends out all application queries over all interfaces to all
> DNS servers, and uses the first answer that comes back irrespective of
> DNSSEC status.
Let's call it "Opportunistic DNSSEC".
I wonder what is the purpose of DNSSEC=allow-downgrade. Maybe just to
verify that DNSSEC=true is a bad default in many networks and therefore
a bad default for regular users.
I really like this effort of systemd-resolved. But I think that
something similar to dnssec-trigger will be needed in the foreseeable
More information about the dns-operations