On 04/09/2018 02:07 AM, Chris Murphy wrote: > On Sun, Apr 8, 2018 at 4:59 PM, Dominik 'Rathann' Mierzejewski > <domi...@greysector.net> wrote: >> On Monday, 09 April 2018 at 00:52, Chris Murphy wrote: >> [...] >>> [chris@f28h ~]$ dnssec-trigger-control status >>> at 2018-04-08 16:46:45 >>> cache 75.75.76.76: OK >>> cache 75.75.75.75: OK >>> cache 2001:558:feed::1: OK >>> cache 2001:558:feed::2: OK >>> state: cache secure >> >> This looks good, similar to mine. >> >>> But no pages load. >>> >>> Hmm. We’re having trouble finding that site. >>> We can’t connect to the server at www. >> >> What can I say... this works for me (Fedora 27). Maybe try restarting >> Firefox? > > Restarted Firefox and then also the whole laptop. Doesn't work. But > then I'm in Fedora 28 so it may be a bug. Anyway, getting this to work > for me isn't really the point of the thread. I'm wondering about > something that works out of the box for everyone, what that looks > like, and it seems like dnscrypt-proxy 2 can support either DNSSEC or > DNS-over-HTTP.
I've been playing with dnssec-trigger for a while and I would not enable it by default. If you have a single connection with ISP provided resolvers or public DNS, it is fine, but it gets harder to configure when you have multiple connections like Wi-Fi and corporate or university VPNs where each provides some forward zones and needs reverse zones for correct behavior. > > -- Martin Sehnoutka | Associate Software Engineer PGP: 5FD64AF5 UTC+1 (CET) RED HAT | TRIED. TESTED. TRUSTED. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
