Doesn't dig already offer DoT using +tls and DoH using +https ? Don Friesen
-----Original Message----- From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Ondrej Surý Sent: Wednesday, May 22, 2024 8:09 AM To: Havard Eidnes <h...@uninett.no> Cc: bind-users@lists.isc.org Subject: Re: Make dig and nslookup DNSSEC aware? [EXTERNAL] This email came from an external source. Only open attachments or links that you are expecting from a known sender. > On 22. 5. 2024, at 17:02, Havard Eidnes via bind-users > <bind-users@lists.isc.org> wrote: > > And, no, I'm not aware of any such plans to incorporate a DNSSEC > validator in any of those tools. Not sure it makes technical sense, > as it's a fairly large task. That's what a validating recursive > resolver does; watch for the 'ad' flag from one such instead? delv does that: $ delv http://www.isc.org/ ; fully validated http://www.isc.org/. 300 IN CNAME isc.map.fastlydns.net. http://www.isc.org/. 300 IN RRSIG CNAME 13 3 300 20240605025251 20240522021818 27566 isc.org. SG32Y38XgzScNzN4mw0ow6mHx2Su5t8sX5jvFzbsct9obDbfnidNaOXq CuJqBDwVfg/M0 9CXJ9f2MYdI1SzYPQ== ; unsigned answer isc.map.fastlydns.net. 60 IN A 151.101.2.217 isc.map.fastlydns.net. 60 IN A 151.101.66.217 isc.map.fastlydns.net. 60 IN A 151.101.130.217 isc.map.fastlydns.net. 60 IN A 151.101.194.217 But then only dig has support for DoT and DoH. Nobody has asked for the combination yet - those are debugging tools and not something you should incorporate "as library" into other products after all. We should probably add DoT, DoH and in future DoQ to both of the tools, not just dig. And forget that nslookup ever existed, just used dig (or delv). Ondřej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
<<attachment: winmail.dat>>
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
