Hi Anand, Op 22-09-2023 om 14:46 schreef Anand Buddhdev:
Do you think that dig should be adjusted to suppress cryptographic material from other records such as TLSA, SSHFP, CDNSKEY, CDS, etc, and the man page updated to reflect this?
Great discussion! I don't have any strong opinions just yet. But when you wrote this: > When I query using dig, and use the combination "+nocrypto +dnssec"It reminded me that that there is such thing as a .digrc file, that perhaps not all of the readers are familiar with.
Mine has this content: +bufsize=1232 +dnssec +nocrypto +multi -t AAAA It serves me well, mostly. Sometimes it bites me as well. In general I'm happy with it. Best regards, -- Marco Davids Research Engineer SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM T +31 (0)26 352 55 00 | www.sidnlabs.nl | Twitter: @marcodavids https://mastodon.social/@marcodavids | Matrix: @marco:sidnlabs.nl Nostr: 11ed01ff277d94705c2931867b8d900d8bacce6f27aaf7440ce98bb50e02fb34
OpenPGP_signature
Description: OpenPGP digital signature
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
