8 Dec
2015
8 Dec
'15
5:15 p.m.
On 2015/12/08 17:08 , Daniel Karrenberg wrote:
I wonder if in the case of local DNSSEC validating resolvers behind DNSSEC-unware resolvers in CPEs, this model is still valid.
At the risk of turning this into another DNS discussion list: Why are you wondering exactly? DNSSEC validating resolvers do cache, don't they?
To give an example, the ssh client I use is linked with getdns. Getdns will try to fetch RRSIG records, etc. from the local resolver. If that fails, getdns will become a full recursive resolver. When ssh starts, the cache of getdns will be empty. And after DNS resolution whatever is cached will not be used anymore.