as a quick and easy test you can always try to resolve a
hostname with known invalid DNSSEC records:
www.dnssec-failed.org
--
https://mastodon.social/@nusenu
twitter: @nusenu_
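The checks mentioned in this thread (the `ad` flag, which server actually answered, and the failure expected for www.dnssec-failed.org) can be combined into one pass over `dig` output. This is an added example, not code from any poster; the function name `check_dig` and the sample outputs are constructed for illustration, and it assumes dig's usual `status:`, `;; flags:` and `;; SERVER:` lines.

```shell
#!/bin/sh
# Added example: classify `dig` output to confirm a resolver validates DNSSEC.
# Live use (needs network, not run here):
#   dig +dnssec www.dnssec-failed.org | check_dig 127.0.0.1 bad

# check_dig EXPECTED_SERVER KIND   (reads dig output on stdin)
#   KIND=signed : validly signed name, expect NOERROR and the "ad" flag
#   KIND=bad    : name with invalid DNSSEC records, expect SERVFAIL
# Returns 0 if the resolver behaved as a validator, 1 if not,
# 2 if the answer came from a different server than expected.
check_dig() {
    expected_server=$1
    kind=$2
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1)

    if [ "$server" != "$expected_server" ]; then
        echo "answer came from '$server', not $expected_server"
        return 2
    fi
    case " $flags " in *" ad "*) ad=yes ;; *) ad=no ;; esac
    case "$kind:$status:$ad" in
        signed:NOERROR:yes) echo "validated (ad set)"; return 0 ;;
        signed:NOERROR:no)  echo "answered without ad: not validated"; return 1 ;;
        bad:SERVFAIL:*)     echo "bogus data rejected"; return 0 ;;
        bad:NOERROR:*)      echo "bogus data accepted: not validating"; return 1 ;;
        *)                  echo "unexpected: status=$status ad=$ad"; return 1 ;;
    esac
}

# Constructed sample outputs (trimmed to the lines the function reads).
SAMPLE_SIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_BOGUS=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2222
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_LEAK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)'

printf '%s\n' "$SAMPLE_SIGNED" | check_dig 127.0.0.1 signed
printf '%s\n' "$SAMPLE_BOGUS"  | check_dig 127.0.0.1 bad
```
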
On 2018-04-11 04:10, Paul Templeton wrote:
When I do a dig +dnssec . | grep ";; flags:" I get ;; flags: qr rd ra
ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 this looks as if
it's working.
Just to be safe, you could also check the rest of the dig output and
/etc/resolv.conf (or
Thanx Alexander
> Just to be safe, you could also check the rest of the dig output and
> /etc/resolv.conf (or relevant resolver configuration on your system) to
> make sure your BIND is being used. The flags look fine, though.
resolv.conf only has 127.0.0.1 and Dig responds from 127.0.0.1 -
Dhalgren Tor:
> Respectfully, I disagree.
>
https://lists.torproject.org/pipermail/tor-relays/2015-October/007904.html
wrote:
> Spent a few minutes activating the DNSSEC trust-anchor for 'unbound'.
>
> Ran 'dig' on a few signed domains and observed that queries that took
> under 50
On 12.04.18 13:05, Alexander Dietrich wrote:
> Just to be safe, you could also check the rest of the dig output and
> /etc/resolv.conf (or relevant resolver configuration on your system)
> to make sure your BIND is being used.
I have seen hosters where /etc/resolv.conf is overwritten whenever