Hello, Please see: -> http://www.ietf.org/mail-archive/web/dane/current/msg06469.html -> https://www.ietf.org/mail-archive/web/dane/current/msg06658.html
These two threads are about handling of Authenticated Data(AD) bit by the stub resolvers. There two proposed solutions for this problem: 1) To install a 'trusted' local resolver running on 127.0.0.1:53. A system wide change request has been filed for this. -> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver 2) To strip the AD bit in stub resolvers by default. This requires new configuration parameter(s) to be defined in '/etc/resolv.conf'. This is required because, till the time 'trusted' local resolver becomes a norm, applications need some way to know whether the listed name servers in '/etc/resolv.conf' are trustworthy or not. The discussion is open for ways to convey 'trustworthyness' of the listed name servers to the requesting applications and ways to enable/disable AD bit stripping in the stub resolver. Your inputs/comments about syntax & semantics of the new configurations in '/etc/resolv.conf' are most welcome. Thank you. --- Regards -Prasad http://feedmug.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
