On 12/07/2015 09:40 PM, Paul Wouters wrote:
> On Mon, 7 Dec 2015, Florian Weimer wrote:
>
>>> Clearly, fedora cannot be changed to hijack a real domain, so Fritzbox better
>>> solve this quickly with an update, even if no one actually will update their
>>> router :(
>>
>> Well, AVM could just register fritz.box and leave it unsigned, which
>> solves the problem for us.
>
> If my fritz.box is 192.168.1.254 and yours is 192.168.1.1, what would
> you want the AVM registered domain fritz.box to return as A record?

The public DNS would return NODATA.

> One of us will break regardless, unless the fritz box hijacks all port
> 53 to push it through its preprocessor its fake .box domain.

Okay, AVM would also have to fix their boxes not to strip RRSIG records,
so that Unbound's fallback mechanism would become unnecessary.  (It was
said earlier on this thread that Unbound would use the DNS servers
received over DHCP as forwarders if possible.)

Florian
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
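The RRSIG stripping discussed in this message can be checked from a client: send a query with the EDNS0 DO bit set and see whether the answer section still carries RRSIG records. The following is an added example, not part of the original message and not Unbound's own logic; it assumes the queried name lies in a signed zone, and the two sample responses (and all function names) are constructed for illustration.

```python
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46

def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Build a DNS query carrying an EDNS0 OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    # OPT RR: root owner, UDP size 1232 in CLASS, DO flag (0x8000) in the TTL field
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0x00008000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length

def answer_types(msg):
    """List the RR types in the answer section of a DNS message."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    types = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return types

def rrsig_stripped(msg):
    """True if a DO=1 answer for a name assumed to be signed has no RRSIG."""
    types = answer_types(msg)
    return bool(types) and TYPE_RRSIG not in types

# Constructed sample responses (placeholder RRSIG RDATA, not a real signature).
def _rr(rtype, rdata):
    return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
def _response(rrs):
    question = build_query("example.org")[12:-11]  # strip header and 11-byte OPT
    return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(rrs), 0, 0) + question + b"".join(rrs)

A_RR = _rr(TYPE_A, bytes([192, 0, 2, 1]))
VALIDATING_PATH = _response([A_RR, _rr(TYPE_RRSIG, b"\x00" * 24)])
STRIPPING_FORWARDER = _response([A_RR])
```

To test a real forwarder, send the bytes from `build_query()` to it over UDP port 53 and pass the reply to `rrsig_stripped()`.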