educare:dnsutils

Differences

This shows you the differences between two versions of the page.

educare:dnsutils [2020/06/08 22:20] – external edit 127.0.0.1educare:dnsutils [2020/07/21 12:21] profpro
Line 6: Line 6:
  
 nslookup nslookup
 +
 +<code>
 +Starting with glibc 2.31, the DNS stub resolver does not blindly trust the
 +  AD (authenticated data) flag, indicating a DNSSEC validation:
 +  
 +- By default the name servers and the network path to them are treated as
 +    untrusted. In this mode, the AD flag is not set in queries, and it is
 +    automatically cleared in responses, indicating a lack of DNSSEC
 +    validation.
 +
 +  - A new trust-ad option, set via the options directive in /etc/resolv.conf
 +    (or if RES_TRUSTAD is set in _res.options), indicates that the name
 +    server is trusted. In this mode, the AD bit, as provided by the name
 +    server, is made available to the applications.
 +
 +  Therefore if you trust your name servers, for example because you use a
 +  locally running validating resolver (e.g. unbound, systemd-resolved or
 +  dnsmasq), you might want to add the following line to /etc/resolv.conf:
 +
 +    options trust-ad
 +
 +</code>
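Review bot: the closing recommendation to add "options trust-ad" needs its precondition spelled out, because the option applies to whatever name servers /etc/resolv.conf lists and, as the first bullet says, the default exists precisely because the servers and the network path to them are untrusted. Suggest adding a sentence that the option should only be set when every nameserver entry points at the locally running validating resolver, and that the AD bit is meaningful only if that resolver actually performs DNSSEC validation. Two smaller points: the block sits directly under the nslookup line without saying which tools or applications the glibc stub resolver behaviour affects, and the first bullet ("- By default ...") is missing the two-space indent used by the second bullet, so the list renders unevenly inside the code block.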
educare/dnsutils.txt · Last modified: 2023/06/14 10:44 by profpro