[talk] Question about DNSSEC

George Rosamond george at ceetonetechnology.com
Sun May 5 16:12:23 EDT 2024


On 5/5/24 16:06, Ivan "Rambius" Ivanov wrote:
> Hello,
> 
> I recently bought a new Turris Omnia wireless router
> https://www.turris.com/en/products/omnia/. The router has its own DNS
> resolver with DNSSEC, but by default it uses the ISP's DNS resolver
> with DNSSEC turned on. Spectrum is my ISP and I tried their DNS
> resolver with DNSSEC and it did not work. I had to disable DNSSEC to
> make it work. I called Spectrum and they told me they did not support
> DNSSEC.
> 

Oh shocking! From their commercials, you would thing they invented the
internet and DNSSEC.

> I was wondering what you guys would recommend - shall I use the
> router's own DNS resolver with DNSSEC or shall I use my ISP's one
> without DNSSEC?

So this is an interesting question, because the ISPs definitely sell the
DNS lookup data they get.

I think it depends.

Usually the ISP resolvers are much faster and reliable. I would wonder
what the upstream DNS resolver is for the device. Assume Google,Cloudflare?

If the speed of lookups was priority, I would probably run a lot of
lookups with time(1).

If DNSSEC was what you wanted, then the question is answered.

I'm wondering about sane public DNS that people are using, outside of
the usual suspects....

g




More information about the talk mailing list