Thanks a lot for the new DNS page! This is way better than the old stuff.
But I really wish there were an info (table column) showing whether the DNS server supports DNSSEC or not.
In recent cores this info was found in external network status - and was really helpful.
Info I haven’t found in the wiki yet:
Is the order of the list the order the servers are queried? Or is a round robin scheme used?
Short explanation of what exactly is the difference between “standard” and “strict” QNAME minimisation?
Asking that because I haven’t read the named RFCs.
This function is there, but you have to press the “Check DNS Server” button because this needs some time to test. If you get “OK”, it supports DNSSEC; if not, you get “Broken”, and if you mouse over it you get the “strip RRSIG” or other DNSSEC messages.
There is no order in this list. All enabled servers are set in unbound, and unbound regularly runs some tests (speed and DNSSEC) and chooses the best.
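The “strip RRSIG” condition mentioned above, as an added Python example that is not part of the original post and not IPFire's own check: it parses the wire format of a DNS reply to a query sent with the DO bit and reports whether RRSIG records came back and whether the AD flag is set. The sample replies, function names and result strings are constructed for illustration, and the code assumes the queried name exists in a signed zone.

```python
import struct

RRSIG = 46   # RR type number for RRSIG (RFC 4034)
AD = 0x0020  # "authenticated data" header flag (RFC 4035)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:             # root label ends the name
            return off + 1
        off += 1 + n

def classify(msg):
    """Classify a reply to a query that was sent with the DO bit set."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F:                       # RCODE other than NOERROR
        return "error, rcode=%d" % (flags & 0x000F)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4        # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    if RRSIG not in types:
        return "broken, RRSIG stripped"
    return "ok, validating" if flags & AD else "ok, RRSIG passed through"

def sample_reply(flags, with_rrsig):
    """Constructed reply for 'example.org A'; not captured traffic."""
    question = b"\x07example\x03org\x00" + struct.pack("!HH", 1, 1)
    ptr = b"\xc0\x0c"                        # pointer to the name at offset 12
    answers = [ptr + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])]
    if with_rrsig:
        rdata = b"\x00" * 20                 # placeholder, not a real signature
        answers.append(ptr + struct.pack("!HHIH", RRSIG, 1, 300, len(rdata)) + rdata)
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers)

if __name__ == "__main__":
    for flags, sig in ((0x81A0, True), (0x8180, True), (0x8180, False), (0x8182, False)):
        print(hex(flags), sig, "->", classify(sample_reply(flags, sig)))
```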
Thanks for the clarification, Arne, I didn’t know that in detail.
I thought that “OK” means the server is responding.
IMHO, it should say “OK, DNSSEC validating”, “BROKEN, no DNSSEC”, “Error, no …” but that’s cosmetic.
Functionality is implemented. Great.
Hi,
I do have the same result via the Tenta test, but e.g. the Cloudflare test --> https://www.cloudflare.com/ssl/encrypted-sni/ shows TLS1.3 encryption and enabled DNSSEC. You can also check this via Tshark
tshark -i red0 port 853
or ‘port 53’ for unencrypted DNS traffic or via kdig with an e.g.