On Tue, Aug 14, 2012 at 08:16:02AM -0500, /dev/rob0 wrote: > On Mon, Aug 13, 2012 at 07:10:58PM +0200, John Hallam wrote: > > * If you are wondering, why two caches, the reason is that dnsmasq > > allows me to redirect troublemaker domains to the black hole easily, > > while dnscache is a somewhat-paranoid full recursive caching > > resolver. (The dnsmasq has to forward queries to the dnscache; the > > reverse doesn't work straightforwardly.) > > FSVO "full" and "paranoid". dnscache does not support DNSSEC > signature verification, does it? Is anybody hacking on it since its > abandonment?
No, it doesn't support DNSSEC as far as I am aware. And I don't think anyone plans to add the facility to it. If you care about DNSSEC there are other good alternatives to bind available. (By somewhat-paranoid etc., I meant that dnscache always starts its resolution chain from the roots, only trusts authoritative servers and won't talk to upstream caches if working as a recursive resolver. (Fully-paranoid would also verify the zone signatures on each step.)) Cheers, John _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss