I am aware, that my question may be a little bit out of the scope of ipfire.
Base case:
I have TLS over DNS and DNSSEC(of course) in my ipfire (core update 153) working.
I know how to check URLs if DNSSEC is used (via dig +dnssec …)
Are there any applications which the make use of the ad flag sent by the resolver in the ipfire or is this flag only nice to have?
Can’t tell without personally testing tbh or if someone has some feedback about this somewhere in the internet.
I did a lot of research in the internet.
Personally I think DNSSEC and DOT are good an necessary developments.
What I am concerned about is the fact that a resolver has as result the “ad” flag - and now? Do I know if the webpage for the bank with which I intend to transact money is the right one? Yes we have the certificates. What I understand is that DNSEC is a second barrier against evildoer in the net.
Apps for the verification in the browser are either outdated or refer there verification from the big techs.
So what I intended with my post is the question to the community about solutions to make use of the “ad” flag from the resolver in a certain kind of application.
Ah, welp I think you can personally make this app yourself as I do not know of any application that actually does this lol. Potentially easy to have that app use Linux’s “dig” tool and extract the needed data for output.
You can always see the “ad” flag by using “dig” on Linux to lookup a domain.
Any looked up domain that didn’t have “ad” on the “flags:” section means that it is not “Authenticated Data”.