On Wed, 4 Dec 2013, Tomas Hozza wrote:
I would like to discuss if the dnssec-triggerd behaviour
when doing hot spot sign-on is really correct. At the moment
dnssec-trigger writes nameservers obtained from DHCP into
the /etc/resolv.conf on Linux.
Wouldn't be better if it would set DNS servers obtained
from DHCP (regardless if they support DNSSEC) as forwarders
in unbound and also disable the validator module?
When going back to the "secure" mode it could just enable
the validator module and do the reprobing and set forwarders
based on the probing results.
No, that would contaminate your cache.
Paul
_______________________________________________
dnssec-trigger mailing list
[email protected]
http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger
