r16 n00b
Joined: 03 Apr 2013 Posts: 3
Posted: Tue Jul 12, 2016 10:40 am Post subject: is DNSSEC enabled in the current glibc DNS resolver?

I just set up DNSSEC on my home test domain, and I would like to verify that my DNS lookups, on both Windows 10 and other up-to-date Gentoo boxes, are using the extra security. MSDN claims that as of Windows 7, the Windows DNS resolver is "security enabled" - I assume that means DNSSEC enabled. I actually pulled up a PowerShell and verified that the lookups ran properly. I guess I just have to trust Microsoft - which is another topic entirely.
On my Gentoo boxes I can run +dnssec digs all day long and they work great; however, I was not able to determine if the current default glibc resolver getaddrinfo() does DNSSEC by default, and if not, what I have to do to make my Gentoo boxes do DNSSEC by default. From a few years back (~2012) I was able to find a libval library and a function val_getaddrinfo() which did DNSSEC, but it looks kinda antiquated and its usage doesn't look widespread. I'm not a Linux developer so I'm not intimately familiar with the nuts and bolts of glibc.
Getting DNSSEC working is important, because ultimately I would like to use DNS lookups to securely push Kerberos and PKI data to the network with minimal per-client configuration.
Any info / thoughts / ideas on this?
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Tue Jul 12, 2016 7:04 pm

glibc's resolver doesn't do much of anything; you'll need to run Unbound or BIND if you want DNSSEC.
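
With validation done by a recursive resolver such as Unbound or BIND, as the reply above suggests, a client sees the outcome only through the AD bit and RCODE in the reply header. The C code below is an added example, not part of the original posts: `classify_reply`, the enum and the sample headers are constructed for illustration, and it assumes the reply arrived from a validating resolver over a trusted path such as 127.0.0.1.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not glibc API): judge a DNS reply by its 12-byte
 * header only. AD = "authentic data" (RFC 4035), set by a validating resolver. */
enum dnssec_verdict {
    DNS_MALFORMED,   /* shorter than a header, or QR=0 (a query, not a reply) */
    DNS_TRUNCATED,   /* TC set: retry over TCP before drawing conclusions */
    DNS_VALIDATED,   /* NOERROR or NXDOMAIN with AD set */
    DNS_UNVALIDATED, /* AD clear: unsigned zone or resolver that does not validate */
    DNS_SERVFAIL,    /* validating resolvers answer SERVFAIL for bogus data */
    DNS_OTHER_ERROR  /* any other RCODE */
};

enum dnssec_verdict classify_reply(const unsigned char *msg, size_t len)
{
    if (msg == NULL || len < 12)
        return DNS_MALFORMED;
    if (!(msg[2] & 0x80))            /* QR bit */
        return DNS_MALFORMED;
    if (msg[2] & 0x02)               /* TC bit */
        return DNS_TRUNCATED;
    unsigned rcode = msg[3] & 0x0F;
    if (rcode == 2)
        return DNS_SERVFAIL;
    if (rcode != 0 && rcode != 3)
        return DNS_OTHER_ERROR;
    return (msg[3] & 0x20) ? DNS_VALIDATED : DNS_UNVALIDATED;  /* AD bit */
}

/* Constructed sample headers: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT. */
static const unsigned char REPLY_AD[]       = {0x12,0x34, 0x81,0xA0, 0,1, 0,1, 0,0, 0,1};
static const unsigned char REPLY_NO_AD[]    = {0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,1};
static const unsigned char REPLY_SERVFAIL[] = {0x12,0x34, 0x81,0x82, 0,1, 0,0, 0,0, 0,1};
static const unsigned char REPLY_TC[]       = {0x12,0x34, 0x83,0x80, 0,1, 0,0, 0,0, 0,1};
static const unsigned char QUERY_ONLY[]     = {0x12,0x34, 0x01,0x20, 0,1, 0,0, 0,0, 0,1};

int main(void)
{
    printf("AD set:    %d\n", classify_reply(REPLY_AD, sizeof REPLY_AD));
    printf("AD clear:  %d\n", classify_reply(REPLY_NO_AD, sizeof REPLY_NO_AD));
    printf("SERVFAIL:  %d\n", classify_reply(REPLY_SERVFAIL, sizeof REPLY_SERVFAIL));
    printf("truncated: %d\n", classify_reply(REPLY_TC, sizeof REPLY_TC));
    printf("query:     %d\n", classify_reply(QUERY_ONLY, sizeof QUERY_ONLY));
    return 0;
}
```

SERVFAIL alone does not prove a DNSSEC failure; repeating the query with checking disabled (`dig +cdflag`) separates a validation failure from an unreachable or broken server.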