Replies: 3 comments 3 replies
-
nobody ? |
Beta Was this translation helpful? Give feedback.
2 replies
-
Basically, the upstream needs to support DNSSEC in the first place. Now, when it does support it, but DNSSEC isn't enabled, it simply ignores the validation, but if it's enabled it recognizes the validation and also caches it locally for a while. At least that's what I understand, contracdict me if I'm wrong. |
Beta Was this translation helpful? Give feedback.
0 replies
-
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
HI
In AdGuard Home there is an option:
Enable DNSSEC (set dnssec flag at outcoming queires, and check the results, dnssec enabled resolver is required).
Unfortunatelly i cant find any information what devs had in mind writing this.
ADH is proxy DNS server, so what "flag" they are talking about ? They mean DO or CD flag ? or what? Nothing makes sense with what they wrote . What "check"? This whole statement is confusing and not precise.
Generally DNSSEC-enabled at least in Bind means that such server should work as dns recursive resolver (not proxy) with activated DNSSEC validation (thats means he has to manage his own trust anchor etc) and it set "do" flag at every query.
What does it means at ADH case ?
Beta Was this translation helpful? Give feedback.
All reactions