[Dnssec-trigger] DNSSEC trigger and v6 DNS servers
Stephan Lagerholm
stephan.lagerholm at secure64.com
Tue Jan 3 14:25:50 UTC 2012
Hi Wouter,
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Stephan,
>
> On 12/28/2011 04:58 PM, Stephan Lagerholm wrote:
> > Hi,
> >
> > I can still access www.trasigdnssec.se (a deliberately DNSSEC
> > broken domain) with DNSSEC trigger 0.9 installed and running on my
> > windows 7 laptop when using v6 capable applications such as
> > firefox.
> >
> > ----------------------------------------------- The probe results
> > are: results from probe at 2011-12-28 09:26:37
> >
> > cache 64.92.220.220: OK cache 208.67.222.222: error no RRSIGs in
> > reply
> >
> > DNSSEC results fetched from (DHCP) cache(s)
> >
> > ---------------------------------------------
> >
> > What appears to happen is the firefox/IE is sending queries to the
> > IPv6 DNS server 2001:5c0:1000:11::2 that I got provisioned via
> > DHCPv6. Shouldn't dnssec-trigger rewrite both the 'resolv.conf' for
> > IPv4 and IPv6 and start a local unbound on both ::1 and 127.0.0.1?
>
> Unbound is on ::1, but there is no resolv.conf on windows7, it writes
> into the registry. There must be an additional entry to overwrite
> with tthe DHCPv6 results. I would like you to search your registry
> for that DNS server (as a string), it should give you a hit in
> HKEY_LOCAL_MACHINE (abbrev to HKLM):
>
SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\<someGUID
>
> What is the entire contents of that 'folder' in the registry? I mean
> DNS related, such as 'Nameserver' or 'DNS' in the name? Now, it sets
> the 'Nameserver' entry to 127.0.0.1.
There is also a TCPIP6 folder:
SYSTEM\CurrentControlSet\services\Tcpip6\Parameters\Interfaces\
I will send you a screenshot in a separate email.
/S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20120103/7e156564/attachment.htm>
More information about the dnssec-trigger
mailing list