[Dnssec-trigger] insecure/hotspot state lingers over network change

Paul Wouters paul at cypherpunks.ca
Fri Jun 29 19:25:44 UTC 2012


When you get to a hotspot that is so broken that you select "insecure",
dnssec-trigger does not default back to secure+probing when entering
another network, and it remains "insecure".

This is of course not good per default, but for me it causes an actual
problem, because in "insecure" mode, unbound is bypassed, so when I
bring up my VPN using openswan, it sends unbound a forward_zone request
for the VPN domain, but it is never used because resolv.conf does not
lead into unbound.

Can we go back to "secure" when we switch networks? If not, why is that?


More information about the dnssec-trigger mailing list