I'm struggling to get my head around what you're asking for. I think you're seriously asking if there's a way to skip all the actual security of DNSSEC and get a secure answer anyway?
No. The answer is "No". If you're comfortable with answers that might be lies, you can skip DNSSEC entirely. Otherwise you need to use DNSSEC to get either a signed, true answer, or signed proof there is no signed answer for the question you had (in which case you might choose to accept whatever answer you do get knowing it might not be true but at least you tried), or an error. Relying on an answer that might be a lie to tell you whether the answers you're getting might be lies is pointless. Literally futile. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
