Hello, We are seeing more DNSSEC all the way to the desktop, thanks to NLnet Labs products like libunbound and GetDNS. Hooray!
What I am wondering is, if this also resolves all issues relating to NAT/firewall traversal of DNS. Quite a few CPE boxes are known to mangle DNS traffic under their default settings, and I am not sure if this is only the case when passing through their builtin DNS proxy service, or also when someone addresses port 53 (UDP, TCP, or both). This matter of CPE mangling also comes up in relation to new RRtypes that might be added to DNS; I wonder if that would be resolved by local-machine recursive resolvers. What is the experience with users and of NLnet Labs with CPE traversal by recursive resolvers? Thanks, -Rick
