[Dnssec-trigger] Using dnssec-trigger when the forwarder lies
regnauld at nsrc.org
Tue Jan 3 10:56:32 UTC 2012
On 03/01/2012, at 09.56, "W.C.A. Wijngaards" <wouter at NLnetLabs.nl> wrote:
> As much as I dislike censorship, this tool is to provide DNSSEC, not
> censor-free-VPN. DNSSEC will detect and stop tampering, as you note.
Isn't this type of hop by hop censorship (cf Paul Vixie's article yesterday) technically a subset of the case "broken and untrustworthy resolver" ?
DNSSEC trigger shouldn't have to make - or care - about the difference.
Or at least it could say "oh looks like someone is voluntarily tampering with the results, get a VPN"
More information about the dnssec-trigger