[talk] Question about DNSSEC
Michael W. Lucas
mwl at mwl.io
Sun May 5 17:44:05 EDT 2024
On Sun, May 05, 2024 at 04:06:00PM -0400, Ivan "Rambius" Ivanov wrote:
> Hello,
>
> I recently bought a new Turris Omnia wireless router
> https://www.turris.com/en/products/omnia/. The router has its own DNS
> resolver with DNSSEC, but by default it uses the ISP's DNS resolver
> with DNSSEC turned on. Spectrum is my ISP and I tried their DNS
> resolver with DNSSEC and it did not work. I had to disable DNSSEC to
> make it work. I called Spectrum and they told me they did not support
> DNSSEC.
>
> I was wondering what you guys would recommend - shall I use the
> router's own DNS resolver with DNSSEC or shall I use my ISP's one
> without DNSSEC?
>
> Regards
> Ivan
Personal bias:
Run your own DNS resolver with DNSSEC validation.
If the router's implementation works, use it. If it's buggy, skip the
router and put a resolver somewhere you control.
recursive DNS load is so trivial on modern systems, and configuration
so straightforward, there's no reason not to.
==ml
--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Absolute FreeBSD, Butterfly Stomp Waltz, TLS Mastery, etc...
### New books: DNSSEC Mastery, Letters to ed(1), Prohibition Orcs ###
More information about the talk
mailing list