[tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
Paul Templeton
paul at coffswifi.net
Wed Apr 11 02:10:42 UTC 2018
Hi All,
Is there anyone who uses Bind9? I'll setup DNSSEC on all Exits but I would like to validate the config.
I have done this on 41781FDC57238DAB955DF6D6E8400CEC5ACBE706
options {
directory "/var/cache/bind";
dnssec-enable yes;
dnssec-validation yes;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-recursion { 127.0.0.1; ::1; };
};
include "/etc/bind/bind.keys";
When I do a dig +dnssec . | grep ";; flags:" I get ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 this looks as if its working.
There is no forwarding.
Paul
More information about the tor-relays
mailing list