[dns-operations] More DNSSEC validators to expect
Paul Wouters
paul at nohats.ca
Mon May 30 16:08:54 UTC 2016
On Mon, 30 May 2016, Peter van Dijk wrote:
>> As it uses nsswitch, it will also still do all of this even if you
>> run a local validating nameserver. Since systemd-resolved itself
>> does not cache, at least over time you will get a better chance
>> of not getting poisoned, if you do run a local DNS server.
>
> Are you sure it does not cache? The man page says it does, and so does this
> (old!) message: http://seclists.org/oss-sec/2014/q4/592
You seem to be right. I was going by what I was told at the devconf
DNSSEC meeting where Lennart told me otherwise (or possibly I misunderstood
his statement that resolved was not a DNS caching server).
Paul