[Ach] opinions on letsencrypt.org?
Jonas Wielicki
j.wielicki at sotecware.net
Wed Nov 26 07:30:39 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
On 25.11.2014 19:24, Hanno Böck wrote:
> What's the idea here? Should everyone install a dns resolver
> locally? (I feel this would open up a whole bunch of potential
> other issues if it isn't done right - e.g. if the resolver is open
> to anyone)
This should not be an issue if handled by the Operating System
provider. Fedora started to ship dnssec-trigger[1], which
automatically configures a local unbound to do resolving. There is
quite some magic involved, and it does not work flawlessly in all
cases[2], but I think that following this step, it can certainly be
done right.
regards,
jwi
[1]: https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations
[2]: The issues are mostly UX things, like sometimes unbound messes
up and one has to restart it manually or the GUI which is a bit
strange and advertises features which are not there (like
switching off DNSSEC).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUdXOOAAoJEMBiAyWXYliK4ioQAJYQN/Pk5xd14SErofiAN52a
OvTv6pOqzmE58OSRmLGAPqqiKZ6WaMIdUO1ob91Z2OnVoxP7LjMHjX9O16irNW3t
LwTdygkIfKstiz7afCE1Juuo5XM413aAvK4qIrgNmLgCxpCOjwLgrZ8bR6+0KeVm
5oiXQbyfdi4jXekUl1Ib7HfKloQjprbJQnwMNRwcX/HRccA9pxcCFR9SU9HjeyHF
+/2j2HoqJGLgU2st5jGRzIwfJoHVglkgFMiy2hNH8KHai/YZKTCFwYgUSDKAwFrO
on/LSTm1PQGbgYzaJEWfPEZFJM9/bqqCK3qGB8hHftJH3HI7Bo26LckeplzBecx/
RMf7XI0FFNXctDxLrVzKOW5c9DJlnjpa0cdQSLUJnEXiQ1yY+TpoOgAJcurLzMvd
YpBgkuU7ZJZS39AF6oCYyQE2SSToocPMbUeZpTASPLc3oE480A5eGmu1Fc82GkkF
7k8q/qASoXmJnf6s4xwFTZi0V/q2XSYA0bvY0HF8nUf1b2l2mGRJA4ga77u2H8ik
BWLgFkKcU56rypYSZGnVfSoACpCGby5IuOQZ9+vSblHq16JsX62i2lqPo5kUUySS
ExZVq+yNfmkQtEgdecdFu3Vk+1cfaAnshR0bL03jkDoow6cR02LJ3Wyna/AQuWJb
rQjx4KPuocEObsAK1kI3
=83wh
-----END PGP SIGNATURE-----
More information about the Ach
mailing list