[Dnssec-trigger] DNSSEC trigger and v6 DNS servers

Stephan Lagerholm stephan.lagerholm at secure64.com
Wed Dec 28 15:58:28 UTC 2011


I can still access www.trasigdnssec.se (a deliberately DNSSEC-broken
domain) with DNSSEC trigger 0.9 installed and running on my Windows 7
laptop when using v6-capable applications such as Firefox.

The probe results are:
results from probe at 2011-12-28 09:26:37

cache OK 
cache error no RRSIGs in reply

DNSSEC results fetched from (DHCP) cache(s)


What appears to happen is that Firefox/IE is sending queries to the IPv6
DNS server 2001:5c0:1000:11::2 that I got provisioned via DHCPv6.
Shouldn't dnssec-trigger rewrite both the 'resolv.conf' for IPv4 and
IPv6 and start a local unbound on both ::1 and


