On 04/09/2018 02:07 AM, Chris Murphy wrote:
> On Sun, Apr 8, 2018 at 4:59 PM, Dominik 'Rathann' Mierzejewski
> <domi...@greysector.net> wrote:
>> On Monday, 09 April 2018 at 00:52, Chris Murphy wrote:
>> [...]
>>> [chris@f28h ~]$ dnssec-trigger-control status
>>> at 2018-04-08 16:46:45
>>> cache OK
>>> cache OK
>>> cache 2001:558:feed::1: OK
>>> cache 2001:558:feed::2: OK
>>> state: cache secure
>> This looks good, similar to mine.
>>> But no pages load.
>>> Hmm. We’re having trouble finding that site.
>>> We can’t connect to the server at www.
>> What can I say... this works for me (Fedora 27). Maybe try restarting
>> Firefox?
> Restarted Firefox and then also the whole laptop. Doesn't work. But
> then I'm in Fedora 28 so it may be a bug. Anyway, getting this to work
> for me isn't really the point of the thread. I'm wondering about
> something that works out of the box for everyone, what that looks
> like, and it seems like dnscrypt-proxy 2 can support either DNSSEC or
> DNS-over-HTTP.

I've been playing with dnssec-trigger for a while and I would not enable
it by default. If you have a single connection with ISP provided
resolvers or public DNS, it is fine, but it gets harder to configure
when you have multiple connections like Wi-Fi and corporate or
university VPNs where each provides some forward zones and needs reverse
zones for correct behavior.


Martin Sehnoutka | Associate Software Engineer
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Reply via email to