[Dnssec-trigger] dnssec-triggerd behaviour when hotspot_signon called
paul at cypherpunks.ca
Wed Dec 4 16:10:06 UTC 2013
On Wed, 4 Dec 2013, Tomas Hozza wrote:
> I would like to discuss if the dnssec-triggerd behaviour
> when doing hot spot sign-on is really correct. At the moment
> dnssec-trigger writes nameservers obtained from DHCP into
> the /etc/resolv.conf on Linux.
> Wouldn't it be better if it set DNS servers obtained
> from DHCP (regardless if they support DNSSEC) as forwarders
> in unbound and also disable the validator module?
> When going back to the "secure" mode it could just enable
> the validator module and do the reprobing and set forwarders
> based on the probing results.
No, that would contaminate your cache.