[Dnssec-trigger] dnssec-triggerd behaviour when hotspot_signon called

Tomas Hozza thozza at redhat.com
Wed Dec 4 15:59:22 UTC 2013


I would like to discuss whether the dnssec-triggerd behaviour
when doing hot spot sign-on is really correct. At the moment
dnssec-trigger writes the nameservers obtained from DHCP into
/etc/resolv.conf on Linux.

Wouldn't it be better if it set the DNS servers obtained
from DHCP (regardless of whether they support DNSSEC) as forwarders
in unbound and also disabled the validator module?

When going back to the "secure" mode it could just enable
the validator module and do the reprobing and set forwarders
based on the probing results.

Thank you.


Tomas Hozza

