No, you have to configure the trust anchor on the command line (or in
the conf file). I've been using it (2.71, the latest version available
in OpenWRT), and it validates accurately as far as I can see. The
version I'm using has some quirks, the one I noticed right away is that
it sets the AD bit on responses that resulted from not being able to
reach its forwarders, where the data was not in the cache.
So as much as I respect and appreciate the work that has gone into it so
far, not quite ready for production use, but certainly worth it for the
last mile.
hth,
Doug
On 08/11/2014 10:08 AM, Richard Lamb wrote:
...and by any chance does it do 5011 or unbound style root TA updating.
On Mon, Aug 11, 2014 at 9:51 AM, Phil Regnauld <[email protected]
<mailto:[email protected]>> wrote:
David Conrad (drc) writes:
> Hi,
>
> I’m trying to collect an exhaustive list of (production-quality)
DNSSEC validating resolvers. The ones I know of so far are:
>
> BIND
> Unbound
> Nominum Vantio
> Google Public DNS
>
> Any others?
How far has comcast's work to rework dnsmasq and include
validation come ?
Cheers,
Phil
