On 2012-10-02 8:01 PM, Roy Arends wrote: > dnssec-trigger is your friend.
i looked at <http://www.nlnetlabs.nl/projects/dnssec-trigger/>. it says: > Dnssec-trigger reconfigures the local unbound DNS server. This unbound > DNS server performs DNSSEC validation, but dnssec-trigger will signal > it to to use the DHCP obtained forwarders if possible, and fallback to > doing its own AUTH queries if that fails, and if that fails prompt the > user via dnssec-trigger-applet the option to go with insecure DNS only. and: > One of the last resorts of dnssec-trigger is to use SSL port 443 for > DNSSEC. If that fails, it is unlikely that DANE (https, also SSL port > 443) can work. Thus, logically, this service is very likely to provide > DNSSEC when DANE must have it. has the ssl format been submitted as an internet-draft, or is this a "private standard"? (if we're expecting tablets, cell phones, and factory fresh osx and windows to do this, it has to be the former.) _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
