mirror of
https://github.com/hickory-dns/hickory-dns.git
synced 2026-04-26 03:35:52 +03:00
[GH-ISSUE #2429] On 0.24.1, setting validate=true rejects domains that do not publish DNSSEC records #988
Labels
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/hickory-dns#988
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @msrd0 on GitHub (Sep 5, 2024).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2429
Describe the bug
I would expect that when I ask hickory-dns to validate DNSSEC, it only rejects those that failed validation (i.e. have bogus DNSSEC records), not also those that do not publish DNSSEC to begin with. For extremely paranoid ppl it might make sense to add an additional option, but I believe the default should be "check whenever possible".
To Reproduce
Start hickory-dns with the following config:
Then, query any domain that does not publish DNSSEC records, e.g.
github.com. Observe that no error indicator and no records are returned.Expected behavior
I expect to receive the records of the domain I queried.
System:
Version:
Crate: hickory-dns binary
Version: 0.24.1
@djc commented on GitHub (Sep 6, 2024):
I don't think there will be any more development of the 0.24.x range, so I suggest we focus discussion on #2428.
@djc commented on GitHub (Sep 25, 2024):
Closing this for the stated reason.