On Sun, Apr 8, 2018 at 4:38 PM, Dominik 'Rathann' Mierzejewski <dominik@xxxxxxxxxxxxxx> wrote: > On Monday, 09 April 2018 at 00:33, Chris Murphy wrote: >> On Sun, Apr 8, 2018 at 4:25 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: >> > On Sun, Apr 8, 2018 at 4:07 PM, Dominik 'Rathann' Mierzejewski >> > <dominik@xxxxxxxxxxxxxx> wrote: >> >> On Sunday, 08 April 2018 at 23:52, mcatanzaro@xxxxxxxxx wrote: >> >>> >> >>> There was also >> >>> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver which was >> >>> proposed for F22, but deferred twice and eventually dropped. >> >> >> >> Guys, I've had this enabled since forever with unbound as the local >> >> resolver being used out-of-the-box. Make sure you have dnssec-trigger >> >> installed: >> >> dnf install dnssec-trigger-panel >> > >> > >> > OK but can you call it out of the box if you have to install >> > dnssec-trigger-panel? > > Frankly, I don't remember. I haven't installed Fedora recently. > >> OK so I did that, and it broke Firefox. It fails to resolve anything. >> Reboot, same deal. 'dnf remove dnssec-trigger-panel' and now it's all >> working again. So, I dunno what that did but it doesn't work for me. > > Well, maybe your DHCP-provided DNS server is broken and doesn't support > DNSSEC. Try reprobing: > dnssec-trigger-control reprobe > and check with: > dnssec-trigger-control status > Well, Comcast claims they support DNSSEC in 2012 on their blog. I have no idea if they still do. [chris@f28h ~]$ dnssec-trigger-control reprobe Apr 08 16:46:44 f28h.local dnssec-triggerd[5651]: ok Apr 08 16:46:45 f28h.local dnssec-triggerd[5651]: ok [chris@f28h ~]$ dnssec-trigger-control status at 2018-04-08 16:46:45 cache 75.75.76.76: OK cache 75.75.75.75: OK cache 2001:558:feed::1: OK cache 2001:558:feed::2: OK state: cache secure But no pages load. Hmm. We’re having trouble finding that site. We can’t connect to the server at www. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
