amphineko
commented
4 years ago Probably you have discovered that enabling both DNSSEC and DoT will cause RRSIG query to . to fail. :)
Open amphineko opened 4 years ago
amphineko
commented
4 years ago Probably you have discovered that enabling both DNSSEC and DoT will cause RRSIG query to . to fail. :)
https://github.com/GroverChouT/opensuse-configs/blob/678beccea252b1a958b6f22a5cd572004bcaa7ff/etc/knot-resolver/kresd.conf#L23
You have explicitly disabled DNSSEC verification here, which is unsafe to domain spoofing.