Hello,

is there any support of squid to validate DNS queries using DNSSEC (DNS Security Extensions)? Or is it planned?

Why?
DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning (see also the Kaminsky attack). TLD .SE is already DNSSEC ready. ICANN pushes .ORG forward with DNSSEC.

It would be very useful if squid validates DNS queries using DNSSEC (for example using a library like libval) and shows the result as an error message if there are any problems with this domain. Without DNSSEC support the user will just get the message "Could not get an IP address SERVER ERROR" without knowing that the name exists, but there was just an error validating the domain (for example a cache poisoning attack).

Looking at http://www.dnssec-deployment.org/tracker/ there seems to be a lot of software supporting DNSSEC.

Thanks for your help.

Regards

        Willi Herzig
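
An added example, not part of the original message and not Squid or libval code: one way a client of a validating resolver can tell "name exists but DNSSEC validation failed" apart from an ordinary lookup failure, by reading the RCODE and AD bit and comparing against a retry sent with the CD (checking disabled) bit. The function names and the header-only sample replies are constructed for illustration, and the approach assumes the upstream resolver validates and is reached over a trusted path.

```python
import struct
from typing import Optional

AD, CD = 0x0020, 0x0010              # header flag bits defined for DNSSEC (RFC 4035)
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"rcode": flags & 0x000F, "ad": bool(flags & AD), "answers": ancount}

def classify(normal: bytes, cd_retry: Optional[bytes] = None) -> str:
    """Map resolver replies to a message a proxy error page could show.

    normal   -- reply to the ordinary query (CD clear) from a validating resolver
    cd_retry -- reply to the same query re-sent with CD set (validation skipped)
    """
    n = parse_header(normal)
    if n["rcode"] == NOERROR:
        return "validated (AD set)" if n["ad"] else "resolved, not validated"
    if n["rcode"] == NXDOMAIN:
        return "name does not exist"
    if n["rcode"] == SERVFAIL and cd_retry is not None:
        c = parse_header(cd_retry)
        # Data comes back only when validation is skipped: the name exists,
        # but its signatures did not verify.
        if c["rcode"] == NOERROR and c["answers"] > 0:
            return "name exists but DNSSEC validation failed"
    return "resolver failure"

def header(flags: int, ancount: int) -> bytes:
    """Build a constructed header-only reply for the demo."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample replies (not captured traffic).
SECURE = header(0x81A0, 1)      # QR RD RA AD, NOERROR, one answer
BOGUS = header(0x8182, 0)       # QR RD RA, SERVFAIL
BOGUS_CD = header(0x8190, 1)    # QR RD RA CD, NOERROR, one answer

if __name__ == "__main__":
    print(classify(SECURE))
    print(classify(BOGUS, BOGUS_CD))
    print(classify(BOGUS, BOGUS))
```

The answer returned to the CD retry is only used to decide which error to report; it is unvalidated and should not be used to connect.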
