FORMERR responses after upgrading resolver from 9.16 to 9.18.8
Crist Clark
cjc+bind-users at pumpky.net
Sat Oct 22 23:18:54 UTC 2022
On Sat, Oct 22, 2022 at 3:20 PM Sandro <lists at penguinpee.nl> wrote:
[snip]
> Doing favors for the better good does not seem to be in their
> dictionary. Look at DNSSEC.
>
Do you mean signing their domains or their public resolver services?
https://developers.google.com/speed/public-dns/faq
Does Google Public DNS support the DNSSEC protocol?
Google Public DNS is a validating, security-aware resolver. All responses
from DNSSEC signed zones are validated unless clients explicitly set the CD
flag in DNS requests to disable the validation.
https://developers.cloudflare.com/1.1.1.1/faq/#how-does-1111-work-with-dnssec
How does 1.1.1.1 work with DNSSEC?
1.1.1.1 is a DNSSEC validating resolver. 1.1.1.1 sends the DO (DNSSEC OK)
bit on every query to convey to the authoritative server that it wishes to
receive signed answers if available. 1.1.1.1 supports the signature
algorithms specified in Supported DNSKEY signature algorithms
<https://developers.cloudflare.com/1.1.1.1/encryption/dnskey/>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20221022/9c83e2e1/attachment.htm>
More information about the bind-users
mailing list