[Dnssec-trigger] Using dnssec-trigger when the forwarder lies

Phil Regnauld regnauld at nsrc.org
Tue Jan 3 10:56:32 UTC 2012

On 03/01/2012, at 09.56, "W.C.A. Wijngaards" <wouter at NLnetLabs.nl> wrote:

> As much as I dislike censorship, this tool is to provide DNSSEC, not
> censor-free-VPN.  DNSSEC will detect and stop tampering, as you note.

Isn't this type of hop by hop censorship (cf Paul Vixie's article yesterday) technically a subset of the case "broken and untrustworthy resolver" ?

DNSSEC trigger shouldn't have to make - or care - about the difference.

Or at least it could say "oh looks like someone is voluntarily tampering with the results, get a VPN"


More information about the dnssec-trigger mailing list