On 28/09/2020 15:57, Marius Schwarz wrote:
Am 28.09.20 um 13:47 schrieb Zbigniew Jędrzejewski-Szmek:
> DNSSEC support in resolved can be enabled through resolved.conf.
Why isn't that the default, if this resolver can do it?
Because DNSSEC is a disaster area and if you try and use it
on random networks you're going to get failed lookups on a
reasonable number - it's fine if you're on a known network
with decent upstream servers but once you start going out
and using random WiFi hotspots and things it's a very
different story.
Tom
--
Tom Hughes (tom(a)compton.nu)
http://compton.nu/