View Single Post
  #2   (View Single Post)  
Old 29th January 2010
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,517

According to DNSSEC has not been been implemented completely yet.

The following packet dump show a DNSSEC answer
23:03:05.558393 > rnames.utp.xnet.36923:  43271-
q: A? 0/6/2 ns: NS, NS, Type50, RRSIG, Type50, RRSIG ar:
A, . OPT UDPsize=4096 (605) (DF) (ttl 58, id 0, len
If you want a safe DNS infrastructure, use tinydns and dnscache from Daniel Bernstein
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote