[Dnssec-trigger] dnssec-triggerd behaviour when hotspot_signon called

Paul Wouters paul at cypherpunks.ca
Wed Dec 4 16:48:17 UTC 2013


On Wed, 4 Dec 2013, Tomas Hozza wrote:

>>> When going back to the "secure" mode it could just enable
>>> the validator module and do the reprobing and set forwarders
>>> based on the probing results.
>>
>> No, that would contaminate your cache.
>
> Good point. Unfortunately FWIK the validator module can be
> disabled only by changing the configuration file. For changes
> to be used you'd need to reload unbound, which would result
> in flushing the cache completely.

And for good reason. If you go from a polluted cache to enabling
DNSSEC, you would have to validate the entire cache contents, or
just flush it and start from scratch. You could not use any
content in the cache since it had not been validated.

Paul


