An update:
Now it would make sense to be able to add a DO-bit, via /etc/resolv.conf:
https://developers.google.com/speed/public-dns/faq#dnssec
It would also be interesting if the AD-bit could be set, in accordance
with http://tools.ietf.org/html/rfc6840#section-5.7
Some good inspiration can be
* Matthew Grant:
From my investigations this can only be enabled by recompiling each bit
of software to set the RES_USE_DNSSEC flag in _res.options, as well as
RES_USE_EDNS0. (Please see racoon bug #679483). The enablement method
is from openssh 6.0p1, openbsd-compat/getrrsetbyname.c
This
Package: libc6
Version: 2.13-34
Severity: Serious
Tags: security
Hi!
I am submitting this report as there seems to be no easy way to get
DNSSEC validation happening for all DNS lookups. This is a litmus test
to make sure we cover this matter, or see if we have an easy procedure
in wheezy to
3 matches
Mail list logo
