[Dnssec-trigger] [matthaeus.wander at uni-due.de: Measuring Occurrence of DNSSEC Validation]
matthaeus.wander at uni-due.de
Wed Sep 26 15:20:27 UTC 2012
Am 21.09.2012 10:19, schrieb Stephane Bortzmeyer:
> Because of the algorithm used, it seems their algorithm fails (false
> negatives) for dnssec-trigger (or other cases where the DNS validator
> forwards to a non-validating recursor). Annoying.
The test should return a positive result even with multiple DNS
forwarders if there is at least one validating resolver on the path that
removes invalid RRs.
You will get a negative result only if a query slips through without any
validation on the DNS path. This could happen if you're using
dnssec-trigger but a VPN or WiFi profile software sneaked a
non-validating resolver into your OS network configuration.
May I ask dnssec-trigger users to check for yourselves?
If you get a negative result, please let me know the test time or your
IP address, so that I can check our logs about what went wrong.
Bismarckstr. 90 / BC 316
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5156 bytes
Desc: S/MIME Kryptografische Unterschrift
More information about the dnssec-trigger