Re: Practical issues deploying DNSSEC into the home.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Wed, 11 Sep 2013, Brian E Carpenter wrote:

> On 11/09/2013 09:59, Olafur Gudmundsson wrote:
> ...
> > My colleagues and I worked on OpenWrt routers to get Unbound to work there, what you need to do is to start DNS up in non-validating mode
> > wait for NTP to fix time, then check if the link allows DNSSEC answers through, at which point you can enable DNSSEC validation.
> 
> Hopefully you also flush the DNS cache as soon as NTP runs. Even so,
> paranoia suggests that a dodgy IP address might still be cached in
> some app.

I think you can avoid that issue by having the device not pass traffic
until the DNSSEC validation is enabled. Only the device needs the special
permissive handling for this to work.




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]