Once upon a time, Lennart Poettering <mzerqung@xxxxxxxxxxx> said: > Again, we do not support DNSSEC from client to the stub. If you set CD > we'll return NOTIMP as rcode, indicating that. We do not implement a > full DNS server, but just enough for local stub clients (such as the > one implemented in glibc or Java) to work. If you want the full DNSSEC > client stuff, talk directly to the upstream DNS server. If you want to go in /etc/resolv.conf, you need to be a full resolver. There's no telling what programs expect to be able to talk the full DNS protocol to the "nameserver" lines from /etc/resolv.conf (for example, the perl Net::DNS module gets its servers from there by default, so all kinds of perl scripts could break). dnsmasq defaults to using resolvers from /etc/resolv.conf too IIRC. If you want to be a resolver, be an actual resolver, and in 2020, that includes implementing EDNS0, DNSSEC, etc. -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
