You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
according to README, blocky supports DNSSEC. This is only "half-true". Blocky support RRSIG/etc records, but doesn't validate DNSSEC trust chain at all. It just trust validation done by upstream resolver, which is not secure enough.
Used dns library doesn't do validation per-se (confirmed by author), but it can be added. For inspiration how to do validation correctly, see sdns which uses same dns library.
The text was updated successfully, but these errors were encountered:
Hi,
according to README, blocky supports DNSSEC. This is only "half-true". Blocky support RRSIG/etc records, but doesn't validate DNSSEC trust chain at all. It just trust validation done by upstream resolver, which is not secure enough.
Used dns library doesn't do validation per-se (confirmed by author), but it can be added. For inspiration how to do validation correctly, see sdns which uses same dns library.
The text was updated successfully, but these errors were encountered: