default local DNS caching name server
Paul Wouters
paul at nohats.ca
Fri Apr 11 22:44:21 UTC 2014
On Fri, 11 Apr 2014, Bruno Wolff III wrote:
>> I'm not sure what you are trying to say here.
>
> It was a comment about ISPs changing TTLs (or other things). DNSSEC can be
> used to tell you the data might not be authoritative, but doesn't tell you
> what the correct information is.
First, TTLs you receive from a forwarder can always be manipulated, even
with DNSSEC - otherwise caching wouldn't work.
Second, I still don't understand the point. Are you suggesting it is
better to believe all DNS lies than to not know where the lies lead?
Paul
More information about the devel
mailing list