On 09/04/18 09:54, Matthias Runge wrote:
> On Mon, Apr 09, 2018 at 10:01:21AM +0200, Martin Sehnoutka wrote:
>>> Restarted Firefox and then also the whole laptop. Doesn't work. But
>>> then I'm in Fedora 28 so it may be a bug. Anyway, getting this to work
>>> for me isn't really the point of the thread. I'm wondering about
>>> something that works out of the box for everyone, what that looks
>>> like, and it seems like dnscrypt-proxy 2 can support either DNSSEC or
>>> DNS-over-HTTP.
>>
>> I've been playing with dnssec-trigger for a while and I would not enable
>> it by default. If you have a single connection with ISP provided
>> resolvers or public DNS, it is fine, but it gets harder to configure
>> when you have multiple connections like Wi-Fi and corporate or
>> university VPNs where each provides some forward zones and needs reverse
>> zones for correct behavior.
>
> Same here, I'm curious if anyone has been able to get it working
> properly? In best case, has someone written about it?
> I'm fiddling around with adding/removing unbound forwards depending on
> connected networks here and there, but it's still quite hacky.

DNSSEC is basically a complete disaster area.

Even on a well configured fixed network I sometimes have trouble
with and on my laptop it's hopeless - as soon as I connect to a
network away from home it's almost guaranteed to fail. I wind
up just turning on permissive mode in unbound though even that
doesn't always seem to work now.

Even just dynamically configuring forwards in unbound based
on VPN connections seems to be getting harder - recent versions
of unbound seem to be something of a disaster.

Tom
--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/