Intent and implementation of dig's +crypto option
Marco Davids (SIDN)
marco.davids at sidn.nl
Fri Sep 22 13:03:22 UTC 2023
Hi Anand,
Op 22-09-2023 om 14:46 schreef Anand Buddhdev:
> Do you think that dig should be adjusted to suppress cryptographic
> material from other records such as TLSA, SSHFP, CDNSKEY, CDS, etc, and
> the man page updated to reflect this?
Great discussion! I don't have any strong opinions just yet.
But when you wrote this:
> When I query using dig, and use the combination "+nocrypto +dnssec"
It reminded me that that there is such thing as a .digrc file, that
perhaps not all of the readers are familiar with.
Mine has this content:
+bufsize=1232
+dnssec
+nocrypto
+multi
-t AAAA
It serves me well, mostly. Sometimes it bites me as well.
In general I'm happy with it.
Best regards,
--
Marco Davids
Research Engineer
SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM
T +31 (0)26 352 55 00 | www.sidnlabs.nl | Twitter: @marcodavids
https://mastodon.social/@marcodavids | Matrix: @marco:sidnlabs.nl
Nostr: 11ed01ff277d94705c2931867b8d900d8bacce6f27aaf7440ce98bb50e02fb34
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230922/3739aef1/attachment.sig>
More information about the bind-users
mailing list