[Dnssec-trigger] Is Dnssec-trigger a resolver or a stub-resolver ?

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Dec 5 13:59:28 UTC 2011

On Thu, Dec 01, 2011 at 11:17:17AM -0500,
 Olafur Gudmundsson <ogud at ogud.com> wrote 
 a message of 30 lines which said:

> A standard recursive resolver will randomize which upstream
> resolvers it talks to. Most stub-resolvers on the other hand will
> ask resolvers in the order provided.

As you know, it is not standard (it is common, yes, but you cannot
rely on it).

> DNSSEC-Trigger seems to send queries to the 3 resolvers by random,
> this is causing a minor interoperability issue due to split-DNS
> usage

I would say that, if the DHCP server returns three resolvers and they
do not have the same data (split-view), then, you had a problem even
before dnssec-trigger.

> I'm not sure which behavior DNSSEC-Trigger should follow 

I'm happy with the current behavior. For me, dnssec-trigger is a full
resolver and randomizes among its forwarders.

More information about the dnssec-trigger mailing list