feature request: modify getrrsetbyname() to use libunbound
Luca Filipozzi
lfilipoz at emyr.net
Fri May 18 10:05:19 EST 2012
On Thu, May 10, 2012 at 07:35:23PM +0000, Luca Filipozzi wrote:
> But before we invest more time in this effort, it would be helpful to
> hear upstream's opinion regarding our request for anchored DNSSEC
> validation to be built into openssh.
>
> We don't want to trust on an upstream resolver's AD bit and we don't
> want to require that users install a local resolver. Do they concur?
Alternately, would it be helpful to take Robert's suggestion of a
StrictDnssecChecking configuration directive and apply it to the ldns
implementation in 6.0p1? This would avoid introducing new dependencies
(unbound, dnssec-tools) while achieving the suggested functionality.
--
Luca Filipozzi
Member, Debian System Administration Team
More information about the openssh-unix-dev
mailing list