Re: [pfSense] Why no dnssec in dnsmasq by default?
On 24.08.15 20:35, Chris Buechler wrote: On Sun, Aug 23, 2015 at 9:28 AM, Adrian Zaugg a...@ente.limmat.ch wrote: why it is not enabled by default? ... and because all the DNS servers used as forwarders must support DNSSEC too for it work. And thank you for your answer, Chris. Regards, Adrian. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Why no dnssec in dnsmasq by default?
On Sun, Aug 23, 2015 at 9:28 AM, Adrian Zaugg a...@ente.limmat.ch wrote: Adding the three lines dnssec dnssec-check-unsigned trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 to dnsmasq in pfSense makes dnsmasq dnsssec aware. Is there a reason why there is no tickable box to enable this in the GUI or why it is not enabled by default? Because that was only recently added to dnsmasq, and by the time it was, we'd switched to Unbound as the default resolver. You can add it in the advanced options. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Why no dnssec in dnsmasq by default?
Chris SIR, I m using squid and squid guard its working good but some important sites r not opening given message ip-addr target group i also make rule for that still have same issue. Also add to whitelist. If i m use internet without pfSense its open properly. Pls give any idea.. On Aug 25, 2015 12:05 AM, Chris Buechler c...@pfsense.com wrote: On Sun, Aug 23, 2015 at 9:28 AM, Adrian Zaugg a...@ente.limmat.ch wrote: Adding the three lines dnssec dnssec-check-unsigned trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 to dnsmasq in pfSense makes dnsmasq dnsssec aware. Is there a reason why there is no tickable box to enable this in the GUI or why it is not enabled by default? Because that was only recently added to dnsmasq, and by the time it was, we'd switched to Unbound as the default resolver. You can add it in the advanced options. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Why no dnssec in dnsmasq by default?
On Mon, Aug 24, 2015 at 1:19 PM, A Mohan Rao mohanra...@gmail.com wrote: Chris SIR, I m using squid and squid guard its working good but some important sites r not opening given message ip-addr target group i also make rule for that still have same issue. Also add to whitelist. If i m use internet without pfSense its open properly. Please don't hijack the thread. Post a new message for your question. db ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Why no dnssec in dnsmasq by default?
Okey sorry for that but if u have any solution for my question pls post. Thanks On Aug 25, 2015 12:55 AM, David Burgess apt@gmail.com wrote: On Mon, Aug 24, 2015 at 1:19 PM, A Mohan Rao mohanra...@gmail.com wrote: Chris SIR, I m using squid and squid guard its working good but some important sites r not opening given message ip-addr target group i also make rule for that still have same issue. Also add to whitelist. If i m use internet without pfSense its open properly. Please don't hijack the thread. Post a new message for your question. db ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Why no dnssec in dnsmasq by default?
Adding the three lines dnssec dnssec-check-unsigned trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 to dnsmasq in pfSense makes dnsmasq dnsssec aware. Is there a reason why there is no tickable box to enable this in the GUI or why it is not enabled by default? Thanks, Adrian. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold