default local DNS caching name server

Paul Wouters paul at
Fri Apr 11 22:44:21 UTC 2014

On Fri, 11 Apr 2014, Bruno Wolff III wrote:

>> I'm not sure what you are trying to say here.
> It was a comment about ISPs changing TTLs (or other things). DNSSEC can be 
> used to tell you the data might not be authoritative, but doesn't tell you 
> what the correct information is.

First, TTLs you receive from a forwarder can always be manipulated, even
with DNSSEC - otherwise caching wouldn't work.

Second, I still don't understand the point. Are you suggesting it is
better to believe all DNS lies than to not know where the lies lead?


More information about the devel mailing list