Can DNSSEC resolvers pass through all mangling CPEs?

Rick van Rein rick at openfortress.nl
Mon Jan 4 12:50:21 UTC 2016


Hi Tony / list,

> DNSSEC detects and blocks mangling, it does not bypass it.

Thanks, I know.

What I am wondering is if the approach of recursive resolution, not explicitly going through the CPE, suffices to avoid mangling.  The CPE *could* still force control over DNS traffic on account of target port 53, and I am wondering if this happens.

-Rick



More information about the Unbound-users mailing list