Open mxsasha opened 6 months ago
bwbroersma
commented
6 months ago That would also the magic value of internet.nl here:
https://github.com/internetstandards/Internet.nl/blob/eaa9ea35a830f47a3bd65684e74cdc455e5a0d01/interface/views/shared.py#L58-L59
gthess
commented
6 months ago As per my comment on https://github.com/internetstandards/Internet.nl/issues/1358#issuecomment-2039322856
If all the contexts will be replaced by a stub, the stub needs to make sure to activate the CD flag (Checking Disabled) on its queries so that it gets also the bogus data back for other tests to work (like the prechecks and the mail auth test). The AD flag on the response would indicate if DNSSEC validation succeeded or failed.
We currently integrate libunbound to run unbound queries from our own code. This adds unnecessarily complexity in the app, and has caused issues like #1376 and confusion like #1340. Now that we have a properly managed validating and non-validating resolver, as part of our code repository, we should switch to using a simple stub resolver in our code.
The obvious choice is dnspython which we already use for other things. It supports EDE, as mentioned in this historical context of our unbound integration.