On Sun, May 05, 2024 at 04:06:00PM -0400, Ivan "Rambius" Ivanov wrote: > Hello, > > I recently bought a new Turris Omnia wireless router > https://www.turris.com/en/products/omnia/. The router has its own DNS > resolver with DNSSEC, but by default it uses the ISP's DNS resolver > with DNSSEC turned on. Spectrum is my ISP and I tried their DNS > resolver with DNSSEC and it did not work. I had to disable DNSSEC to > make it work. I called Spectrum and they told me they did not support > DNSSEC. > > I was wondering what you guys would recommend - shall I use the > router's own DNS resolver with DNSSEC or shall I use my ISP's one > without DNSSEC? > > Regards > Ivan
Personal bias: Run your own DNS resolver with DNSSEC validation. If the router's implementation works, use it. If it's buggy, skip the router and put a resolver somewhere you control. recursive DNS load is so trivial on modern systems, and configuration so straightforward, there's no reason not to. ==ml -- Michael W. Lucas https://mwl.io/ author of: Absolute OpenBSD, SSH Mastery, git commit murder, Absolute FreeBSD, Butterfly Stomp Waltz, TLS Mastery, etc... ### New books: DNSSEC Mastery, Letters to ed(1), Prohibition Orcs ### _______________________________________________ talk mailing list talk@lists.nycbug.org https://lists.nycbug.org:8443/mailman/listinfo/talk
