Ask / Submit
11

Support DNSSEC

asked 2015-08-18 10:03:04 +0200

Mikaela gravatar image

As localhost already has some kind of nameserver/cache (see /etc/resolv.conf), could it also do DNSSEC validation?

I accidentally noticed that www.dnssec-broken.org does resolve on my Jolla which lead me to see that my carrier's (Elisa) DNS servers don't do DNSSEC validation (yet?).

Even if my carrier and all WLAN networks I visit had DNSSEC, it would still be the most secure to do locally as that way you don't have to trust connection between you and the external DNS server to carry the DNSSEC records (dnssecstrip would be possible otherwise).

edit retag flag offensive close delete

Comments

1

I would like it more that end-devices/clients would do the validation. If we (as the ISP) dothe validation and some nameless bank fucks up their dnssec our call-center is flooded. This is the reason that validation was switched off.

beeki ( 2015-08-18 14:57:38 +0200 )edit

I wouldn't want my Jolla to do recursive DNS queries FWIW :)

gabriel ( 2018-01-12 17:57:17 +0200 )edit

1 Answer

Sort by » oldest newest most voted
5

answered 2015-08-18 12:15:34 +0200

tigeli gravatar image

The dnsproxy is provided by the ConnMan and the DNSSEc discussion for it should be taken into connman@connman.net.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
2 followers

Stats

Asked: 2015-08-18 10:03:04 +0200

Seen: 352 times

Last updated: Aug 18 '15