[Dnssec-trigger] dnssec-triggerd behaviour when hotspot_signon called

Paul Wouters paul at cypherpunks.ca
Wed Dec 4 16:10:06 UTC 2013


On Wed, 4 Dec 2013, Tomas Hozza wrote:

> I would like to discuss if the dnssec-triggerd behaviour
> when doing hot spot sign-on is really correct. At the moment
> dnssec-trigger writes nameservers obtained from DHCP into
> the /etc/resolv.conf on Linux.
>
> Wouldn't it be better if it would set DNS servers obtained
> from DHCP (regardless if they support DNSSEC) as forwarders
> in unbound and also disable the validator module?
>
> When going back to the "secure" mode it could just enable
> the validator module and do the reprobing and set forwarders
> based on the probing results.

No, that would contaminate your cache.

Paul


