educare:dnsutils
This is an old revision of the document!
dnsutils
Pacchetto che installa client dns
dig
nslookup
Starting with glibc 2.31, the DNS stub resolver does not blindly trust the
AD (authenticated data) flag, indicating a DNSSEC validation:
- By default the name servers and the network path to them are treated as
untrusted. In this mode, the AD flag is not set in queries, and it is
automatically cleared in responses, indicating a lack of DNSSEC
validation.
- A new trust-ad option, set via the options directive in /etc/resolv.conf
(or if RES_TRUSTAD is set in _res.options), indicates that the name
server is trusted. In this mode, the AD bit, as provided by the name
server, is made available to the applications.
Therefore if you trust your name servers, for example because you use a
locally running validating resolver (e.g. unbound, systemd-resolved or
dnsmasq), you might want to add the following line to /etc/resolv.conf:
options trust-ad
educare/dnsutils.1595326899.txt.gz · Last modified: 2020/07/21 12:21 by profpro