On 05/02/14 23:35, Eugene Rudoy wrote:
Hi Simon,
On Thu, Feb 6, 2014 at 12:23 AM, Eugene Rudoy <gene.de...@gmail.com> wrote:
hmm, tried all above, still INSECURE
--dnssec-debug doesn't make log more verbose or provide any additional
information. Is it the expected behavior?
It does two things, the results of which are not externally obvious.
1) It sets the cd (checking disabled) bit in upstream queries, so that
it's possible to check that invalid data is identified, rather than
just getting a SERVFAIL from the upstream server.
2) It suppresses SERVFAIL as the reply to queries whose answer doesn't
verify, for similar reasons.
Cheers,
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
