[Dnssec-trigger] DNSSEC trigger and v6 DNS servers

Stephan Lagerholm stephan.lagerholm at secure64.com
Wed Dec 28 15:58:28 UTC 2011


Hi,

I can still access www.trasigdnssec.se (a deliberately DNSSEC broken
domain) with DNSSEC trigger 0.9 installed and running on my windows 7
laptop when using v6 capable applications such as firefox. 

-----------------------------------------------
The probe results are:
results from probe at 2011-12-28 09:26:37

cache 64.92.220.220: OK 
cache 208.67.222.222: error no RRSIGs in reply

DNSSEC results fetched from (DHCP) cache(s)

---------------------------------------------

What appears to happen is the firefox/IE is sending queries to the IPv6
DNS server 2001:5c0:1000:11::2 that I got provisioned via DHCPv6.
Shouldn't dnssec-trigger rewrite both the 'resolv.conf' for IPv4 and
IPv6 and start a local unbound on both ::1 and 127.0.0.1?

/S





More information about the dnssec-trigger mailing list