Seeing lots of DNS issues on OpenWRT
Sandro
lists at penguinpee.nl
Fri Sep 23 20:59:14 UTC 2022
On 23-09-2022 21:59, Ed Daniel wrote:
> As per your previous email 17:54 where you share Sparklight response,
> Quad9 uses strict DNS checking iirc, you should add another couple of
> cloud DNS resolvers like 1.1.1.1 and 8.8.8.8 that fall back to resolve
> when DNSSEC is broken at destination.
As I hinted in response to the mail you sent earlier, you could set this
up to do your own recursive queries from the root servers going up the
chain of trust. Domains that have DNSSEC disabled will just work. Only
broken DNSSEC enabled domains will not be answered.
I use Unbound for that purpose, but it can be done using BIND as well.
-- Sandro
More information about the bind-users
mailing list