[Cerowrt-devel] coping with ipv6 source routing and dns
Toke Høiland-Jørgensen
toke at toke.dk
Wed Jan 29 17:30:34 EST 2014
Dave Taht <dave.taht at gmail.com> writes:
> Since most forwarders can't be trusted to return NXDOMAIN, an internal
> email box at several of my sites runs dns directly. A few dnsrbl
> providers offer ipv6 transport, so it's possible.
Ah, I see. I just run bind on cerowrt. Have to set an ntp server by IP
(or in /etc/hosts; I use an internal GPS-backed server) to bootstrap,
but otherwise it works well.
> One advantage of dnssec is we get NXDOMAIN working again, so a
> forwarder can be used...
Presumably only if the forwarder doesn't strip the dnssec stuff?
-Toke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140129/a35ac00e/attachment.sig>
More information about the Cerowrt-devel
mailing list