On Mi, 31.07.19 13:52, Stefan Tatschner (ste...@rumpelsepp.org) wrote:

> On Wed, 2019-07-31 at 13:47 +0200, Lennart Poettering wrote:
> > > What is this “strict” mode exactly?
> >
> > It just means resolved will insist on DNS-over-TLS to talk to the
> > configured DNS servers, instead of trying to use it and falling back
> > automatically if it's not available.
>
> Ahh. Thanks for the explanation. I was just wondering if certificate
> checks have been implemented. IIRC resolved does not check/validate the
> certificate (chain) of the DNS server.

Certificate checks have been implemented as well. And they are
controlled by the same setting. If strict mode is on, only verifiable
certificates are accepted.

See: 4310bfc20b84127e19bed68701caa3820c844682

Lennart

--
Lennart Poettering, Berlin
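
Added example, not part of the message above and not systemd code: a small Python check that reports whether a set of resolved.conf fragments ends up in the strict mode described in this thread. DNSOverTLS= in the [Resolve] section is the resolved.conf setting under discussion; the function names, the sample fragments and the handling of unrecognised values are assumptions, and per-link settings are not covered.

```python
# Added example: classify the effective global DNSOverTLS= mode of systemd-resolved.
TRUE = {"1", "yes", "y", "true", "t", "on"}      # boolean spellings systemd accepts
FALSE = {"0", "no", "n", "false", "f", "off"}

def dot_mode(fragments):
    """fragments: config texts in the order resolved applies them
    (resolved.conf first, then drop-ins sorted by file name).
    Returns 'strict', 'opportunistic', 'off' or 'default' (never set)."""
    mode = "default"
    for text in fragments:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue                          # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section != "Resolve" or not sep or key.strip() != "DNSOverTLS":
                continue
            value = value.strip()
            if value.lower() in TRUE:
                mode = "strict"
            elif value == "opportunistic":
                mode = "opportunistic"
            elif value.lower() in FALSE:
                mode = "off"
            # Any other value is skipped, keeping the earlier one (assumption).
    return mode

def downgrade_possible(mode):
    """Only strict mode refuses plaintext fallback and unverifiable certificates.
    'default' depends on the build's compiled-in default, so it is treated as unsafe."""
    return mode != "strict"

# Constructed sample inputs, not taken from any real host.
MAIN = "[Resolve]\nDNS=192.0.2.53\nDNSOverTLS=opportunistic\n"
DROPIN = "# 10-strict.conf\n[Resolve]\nDNSOverTLS=yes\n"

if __name__ == "__main__":
    for label, frags in (("main only", [MAIN]), ("main + drop-in", [MAIN, DROPIN])):
        m = dot_mode(frags)
        print(f"{label}: {m}, downgrade possible: {downgrade_possible(m)}")
```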