[Unbound-users] Google Public DNS
Phil Pennock
unbound-users+phil at spodhuis.org
Wed Mar 20 09:55:38 UTC 2013
On 2013-03-20 at 08:22 +0100, Ondřej Surý wrote:
> The question to answer is: How many stub resolver do set DO/AD flag or eve allow to set it? So this doesn't make much sense to me to implement in Unbound too, since I consider this practically useless.
Client applications can set it, because stub resolvers do permit it to
be set. It's the RES_USE_DNSSEC flag for the resolver options field in
the resolv.h interface; if your platform doesn't use resolv.h, pass.
Exim current git head does this, if the dns_use_dnssec option is set; I
added it last June.
Mind, I think that unbound's approach is sane and I'm happy it is as it
is, but still, if an application wants to _rely_ on DNSSEC, then it
should be setting the DO flag and checking AD. This affects forthcoming
DANE support, for instance.
More information about the Unbound-users
mailing list