[dns-operations] More DNSSEC validators to expect

Paul Wouters paul at nohats.ca
Mon May 30 16:08:54 UTC 2016

On Mon, 30 May 2016, Peter van Dijk wrote:

>>  As it uses nsswitch, it will also still do all of this even if you
>>  run a local validating nameserver. Since systemd-resolved itself
>>  does not cache, at least over time you will get a better chance
>>  of not getting poisoned, if you do run a local DNS server.
> Are you sure it does not cache? The man page says it does, and so does this 
> (old!) message: http://seclists.org/oss-sec/2014/q4/592

You seem to be right. I was going by what I was told at the devconf
DNSSEC meeting where Lennart told me otherwise (or possibly I misunderstood
his statement that resolvd was not a dns caching server)


More information about the dns-operations mailing list