Bug#679828: libc6: No easy way of enabling DNSSEC validation aka RES_USE_DNSSEC

2013-03-20 Thread Marco Davids (SIDN)
An update: Now it would make sense to be able to add a DO-bit, via /etc/resolv.conf: https://developers.google.com/speed/public-dns/faq#dnssec It would also be interesting if the AD-bit could be set, in accordance with http://tools.ietf.org/html/rfc6840#section-5.7 Some good inspiration can be

Bug#679828: libc6: No easy way of enabling DNSSEC validation aka RES_USE_DNSSEC

2012-07-01 Thread Florian Weimer
* Matthew Grant: > From my investigations this can only be enabled by recompiling each bit > of software to set the RES_USE_DNSSEC flag in _res.options, as well as > RES_USE_EDNS0. (Please see racoon bug #679483). The enablement method > is from openssh 6.0p1, openbsd-compat/getrrsetbyname.c Th

Bug#679828: libc6: No easy way of enabling DNSSEC validation aka RES_USE_DNSSEC

2012-07-01 Thread Matthew Grant
Package: libc6 Version: 2.13-34 Severity: Serious Tags: security Hi! I am submitting this report as there seems to be no easy way to get DNSSEC validation happening for all DNS lookups. This is a litmus test to make sure we cover this matter, or see if we have an easy procedure in wheezy to enab