This is cool. Do you have a link to where I might find instructions to build the DNSSEC capable dnsmasq for OpenWRTish devices?
-Rick -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Marco Davids (SIDN) Sent: Wednesday, August 20, 2014 6:37 AM To: [email protected] Subject: Re: [Dnssec-deployment] Validating Resolvers Hi, DNSmasq indeed works quite well: (in Dutch) https://www.sidnlabs.nl/laatste-berichten/nieuwsdetail/article/dnssec-validatie-op-de-client-met-behulp-van-dnsmasq/ Speaking of client-side validation, Bloodhound might also proof to be worthwhile. I like it: https://www.dnssec-tools.org/wiki/index.php/Bloodhound And then there is also DNSSEC-trigger: http://www.nlnetlabs.nl/projects/dnssec-trigger/ (personally not one of my favorites, but I haven't played with it recently, so my experience is probably outdated). If you use Linux and like to try out things, you might be interested in this: https://github.com/edmonds/nss-ubdns. Not sure if that qualifies as 'production-quality' though. Regards, -- Marco On 11/08/14 18:45, David Conrad wrote: > Hi, > > I'm trying to collect an exhaustive list of (production-quality) DNSSEC > validating resolvers. The ones I know of so far are: > > BIND > Unbound > Nominum Vantio > Google Public DNS > > Any others? > > (From looking at the website, PowerDNS Recursor doesn't appear to validate > but I might be missing the obvious...) > > Thanks, > -drc >
