Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-19 Thread Petr Menšík
On 17. 04. 23 15:57, Simon Kelley wrote: On 17/04/2023 01:10, Petr Menšík wrote: I do not understand why proxy-dnssec caching should be unreliable. It should be as simple as storing the AD bit from the reply in the cache entry. I expect just an extra bit is something we can afford. I explained this

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-17 Thread Simon Kelley
On 17/04/2023 01:10, Petr Menšík wrote: I do not understand why proxy-dnssec caching should be unreliable. It should be as simple as storing the AD bit from the reply in the cache entry. I expect just an extra bit is something we can afford. I explained this somewhere up-thread. The problem is that

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-16 Thread Petr Menšík
I do not understand why proxy-dnssec caching should be unreliable. It should be as simple as storing the AD bit from the reply in the cache entry. I expect just an extra bit is something we can afford. Network Manager should stop passing dnssec-proxy in case it is configured via DBus, however. I think

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-14 Thread Dominik Derigs via Dnsmasq-discuss
Hey Simon, On Thu, 2023-04-13 at 22:15 +0100, Simon Kelley wrote: > I'd like to know how EDE replies are being used, and what the changes > referred to in this statement by Peter are. > > "Note that the changes made by the pi-hole developers have been > implemented in pi-hole-FTL, the dnsmasq

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-13 Thread Simon Kelley
I'm not clear where the EDE in a reply fits in to this. --proxy-dnssec does only one thing: it stops dnsmasq from zeroing the authenticated data (AD) bit in replies before returning them to clients. This means that clients can rely on the AD bit to tell if the answer is secure, with a couple

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-13 Thread Dominik Derigs via Dnsmasq-discuss
Hey Peter, On Thu, 2023-04-13 at 12:15 +0200, Peter Russel wrote: > > Dominik, your questions and comments. > > Thanks for explaining "add-cpe-id=01234", meaning that it informs > upstream that it is capable of processing EDNS data, nothing more. > This implies dnsmasq cannot be the cause of

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-13 Thread Dominik Derigs via Dnsmasq-discuss
Hey Peter, On Thu, 2023-04-13 at 08:37 +0200, Peter Russel wrote: > Hi Simon > > Unfortunately, it looks like I've been shouting victory a little soon. > > The results are perfect when using dig, however, when using a browser > (firefox, edge) the results are unreliable / inconsistent. > > The

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-13 Thread Simon Kelley
On 13/04/2023 07:37, Peter Russel wrote: Hi Simon Unfortunately, it looks like I've been shouting victory a little soon. The results are perfect when using dig, however, when using a browser (firefox, edge) the results are unreliable / inconsistent. The assumption is that adding the

Re: [Dnsmasq-discuss] proxy-dnssec, how does it work (with unbound as upstream)

2023-04-12 Thread Simon Kelley
On 09/04/2023 18:50, Peter Russel wrote: SOLVED The developers added code to pihole-FTL, which is the latest dnsmasq + features (to make pi-hole the better solution). full story (pi-hole forum) here: https://discourse.pi-hole.net/t/dnssec-discussion-support-for-proxy-dnssec/62217 That

Re: [Dnsmasq-discuss] --proxy-dnssec?

2019-12-22 Thread Simon Kelley
On 20/12/2019 15:23, S.B. wrote: > > Hi > > I did a few tests with the --proxy-dnssec option and according to my > tests it seems as if this feature is not working as documented. > > If I query a dnssec signed domain I get an ad flag from my unbound which > is my upstream server, but on