Support DNSSEC
asked 2015-08-18 10:03:04 +0200
As localhost already has some kind of nameserver/cache (see /etc/resolv.conf), could it also do DNSSEC validation?
I accidentally noticed that www.dnssec-broken.org does resolve on my Jolla which lead me to see that my carrier's (Elisa) DNS servers don't do DNSSEC validation (yet?).
Even if my carrier and all WLAN networks I visit had DNSSEC, it would still be the most secure to do locally as that way you don't have to trust connection between you and the external DNS server to carry the DNSSEC records (dnssecstrip would be possible otherwise).
I would like it more that end-devices/clients would do the validation. If we (as the ISP) dothe validation and some nameless bank fucks up their dnssec our call-center is flooded. This is the reason that validation was switched off.
beeki ( 2015-08-18 14:57:38 +0200 )editI wouldn't want my Jolla to do recursive DNS queries FWIW :)
gabriel ( 2018-01-12 17:57:17 +0200 )edit