Forcing DNSSEC queries
russell aspinwall
raspinwall at willows7.myzen.co.uk
Thu Nov 15 22:30:20 UTC 2012
Hi,
I have been using Bind for a while and last night upgraded to Bind 9.9.2 on
my OpenIndiana 151a7. I would like to be able to control my DNS queries
on Unix/Linux hosts, so that by default the client queries would only
be DNSSEC authenticated/validated. However, as DNSSEC is not completely
deployed I would need to have some control over the DNSSEC query
operation. From my research the libresolv library used is taken from a
library created by ISC.
Could libresolv be modified so that it would permit the following
directives in /etc/resolv.conf?

    dnssec enable   - perform only DNSSEC queries (default mode of operation if no directive supplied)
    dnssec disable  - disable DNSSEC queries
    dnssec warn     - warn about DNSSEC queries which are not authenticated
    dnssec ignore   - ignore DNSSEC queries which are not authenticated
    dnssec trust <zone> | <zone1> .... <zoneN>  - trust non DNSSEC signed (non public) internal zones only

--
Russell Aspinwall russell.aspinwall at bcs.org.uk
"Great minds discuss ideas;
Average minds discuss events;
Small minds discuss people
Former First Lady Eleanor Roosevelt (1884-1962)"
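
The directive set proposed in the message above, sketched as a stub-side policy check (an added example, not part of the original post and not libresolv code). It assumes the stub reaches a validating resolver over a trusted path and sees the AD flag of each answer, reads "warn" as accept-and-log and "ignore" as silently discarding the answer; the type and function names are hypothetical and the zone names are placeholders.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Directive names are from the post; the semantics are an assumed reading. */
enum mode { DNSSEC_ENABLE, DNSSEC_DISABLE, DNSSEC_WARN, DNSSEC_IGNORE };
enum verdict { ACCEPT, ACCEPT_WITH_WARNING, DISCARD, REJECT };
struct policy { enum mode mode; char trusted[8][64]; int ntrusted; };

/* Constructed sample configuration (zone names are placeholders). */
static const char SAMPLE[] = "nameserver 127.0.0.1\ndnssec warn\ndnssec trust corp.example lab.example\n";

/* Read resolv.conf text, acting only on the proposed "dnssec" lines. */
static struct policy parse_policy(const char *text) {
    struct policy p = { DNSSEC_ENABLE, {{0}}, 0 };  /* proposed default */
    while (*text) {
        char line[256], kw[16], arg[64];
        int len = (int)strcspn(text, "\n"), off = 0;
        snprintf(line, sizeof line, "%.*s", len, text);
        text += len + (text[len] == '\n');
        if (sscanf(line, "%15s %63s%n", kw, arg, &off) != 2 || strcmp(kw, "dnssec"))
            continue;
        if (!strcmp(arg, "enable")) p.mode = DNSSEC_ENABLE;
        else if (!strcmp(arg, "disable")) p.mode = DNSSEC_DISABLE;
        else if (!strcmp(arg, "warn")) p.mode = DNSSEC_WARN;
        else if (!strcmp(arg, "ignore")) p.mode = DNSSEC_IGNORE;
        else if (!strcmp(arg, "trust"))  /* remaining words are zone names */
            for (char *s = line + off; p.ntrusted < 8 && sscanf(s, "%63s%n", arg, &off) == 1; s += off)
                strcpy(p.trusted[p.ntrusted++], arg);
    }
    return p;
}

/* Case-insensitive suffix match that must start on a label boundary, so
 * "evilcorp.example" is not treated as part of "corp.example". */
static int in_zone(const char *name, const char *zone) {
    size_t n = strlen(name), z = strlen(zone);
    if (z == 0 || z > n) return 0;
    for (size_t i = 0; i < z; i++)
        if (tolower((unsigned char)name[n - z + i]) != tolower((unsigned char)zone[i]))
            return 0;
    return n == z || name[n - z - 1] == '.';
}

/* ad is the AD flag of the answer returned by the validating resolver. */
static enum verdict decide(const struct policy *p, const char *qname, int ad) {
    if (ad || p->mode == DNSSEC_DISABLE) return ACCEPT;
    for (int i = 0; i < p->ntrusted; i++)
        if (in_zone(qname, p->trusted[i])) return ACCEPT;
    if (p->mode == DNSSEC_WARN) return ACCEPT_WITH_WARNING;
    return p->mode == DNSSEC_IGNORE ? DISCARD : REJECT;
}
```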