[dns-operations] More DNSSEC validators to expect
Peter van Dijk
peter.van.dijk at powerdns.com
Mon May 30 15:37:51 UTC 2016
Hello Paul,
On 24 May 2016, at 7:00, Paul Wouters wrote:
> As it uses nsswitch, it will also still do all of this even if you
> run a local validating nameserver. Since systemd-resolved itself
> does not cache, at least over time you will get a better chance
> of not getting poisoned, if you do run a local DNS server.
Are you sure it does not cache? The man page says it does, and so does
this (old!) message: http://seclists.org/oss-sec/2014/q4/592
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the dns-operations
mailing list