> Apparently there seems to be a misunderstanding at my end, e. g. where
> is the point of validation if the majority of domains are not signed?

The validation happens at the resolver, and the result of the validation could be relayed to the client, if the client is interested in knowing (polling) the outcome of the validation.
Yet none of the browsers, and probably most other client applications such as mail clients, have native support for presenting the result of the validation to the user.

> In my current (and now updated!) understanding, in all these cases I can
> never be sure to actually talk to the web site I wanted to?

True, since DNSSEC validation is not presented by any browser or other client application. One could always read the log file of the resolver, but that is cumbersome, or code an extension for web browser(s) (or other client applications), since their vendors do not exhibit any interest in implementing DNSSEC validation presentation (as of today).

> Unbound has opened my eyes in this project so far. It helps me to use
> rolling DNS-servers of choice, it encrypts my queries and shows me what
> is going on.
> My conclusion so far: DNSSEC remains an illusion. Would that be correct?

It is reality, but what is the point of implementing it for a domain, though I have for mine, if the validation results are not presented in a meaningful way to clients?
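The "relayed to the client" part of the reply refers to the AD (Authenticated Data) bit that a validating resolver such as Unbound sets in the DNS response header (RFC 4035), and to the SERVFAIL it returns when validation fails. The following Python script is an added example, not code from the thread or from Unbound: it parses the 12-byte DNS header of a raw response and reports the validation outcome the way a client-side extension would have to. The response packets are constructed inline (a fake query id and a question for example.org) so the script runs offline; no real resolver is contacted.

```python
import struct

# DNS header flags (RFC 1035 section 4.1.1, AD/CD from RFC 4035):
#   QR(1) Opcode(4) AA(1) TC(1) RD(1) RA(1) Z(1) AD(1) CD(1) RCODE(4)
FLAG_QR = 0x8000   # response (1) vs. query (0)
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available
FLAG_AD = 0x0020   # authenticated data: resolver validated all answer/authority RRs
FLAG_CD = 0x0010   # checking disabled: client asked the resolver NOT to validate
RCODE_MASK = 0x000F

RCODE_NOERROR = 0
RCODE_SERVFAIL = 2
RCODE_NXDOMAIN = 3

# Constructed question section: example.org, type A, class IN
QUESTION = b"\x07example\x03org\x00" + struct.pack("!HH", 1, 1)


def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into named fields."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": ident,
        "flags": flags,
        "qr": bool(flags & FLAG_QR),
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "ad": bool(flags & FLAG_AD),
        "cd": bool(flags & FLAG_CD),
        "rcode": flags & RCODE_MASK,
        "qdcount": qd,
        "ancount": an,
        "nscount": ns,
        "arcount": ar,
    }


def validation_outcome(packet: bytes) -> str:
    """Classify what a validating resolver told us about a response.

    'secure'   : AD=1, resolver validated the chain of trust.
    'servfail' : RCODE=2, what a validating resolver returns for bogus data
                 (it is also returned for ordinary resolution failures).
    'insecure' : AD=0 with a normal RCODE. This covers unsigned zones AND
                 a resolver that does not validate at all; the AD bit alone
                 cannot tell those two apart.
    """
    h = parse_header(packet)
    if not h["qr"]:
        raise ValueError("packet is a query, not a response")
    if h["rcode"] == RCODE_SERVFAIL:
        return "servfail"
    if h["ad"]:
        return "secure"
    return "insecure"


def build_response(ident: int, *, ad: bool, rcode: int = RCODE_NOERROR) -> bytes:
    """Construct a minimal resolver response (header + question) for testing."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (rcode & RCODE_MASK)
    if ad:
        flags |= FLAG_AD
    return struct.pack("!6H", ident, flags, 1, 0, 0, 0) + QUESTION


if __name__ == "__main__":
    # Three constructed responses, as Unbound would hand them to a client.
    samples = {
        "signed zone, validated": build_response(0x1234, ad=True),
        "unsigned zone (or non-validating resolver)": build_response(0x1234, ad=False),
        "bogus signature": build_response(0x1234, ad=False, rcode=RCODE_SERVFAIL),
    }
    for label, pkt in samples.items():
        print(f"{label:45s} -> {validation_outcome(pkt)}")
```

The check is only as trustworthy as the path to the resolver: the AD bit is set by the resolver, not by the zone, so it proves something only when the resolver is local (as in the Unbound setup discussed) or reached over an authenticated channel; a stub talking plain UDP to a remote resolver can have the bit flipped in transit. That caveat, plus the inability to distinguish "unsigned" from "not validating" without querying for the DNSKEY/RRSIG records, is why a browser extension showing the AD bit is less conclusive than it first appears.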

