[Dnsmasq-discuss] Possible to enable DNSSEC only for specific upstream servers?
Kevin P. Fleming
lists.dnsmasq at kevin.km6g.us
Sat Oct 19 15:17:54 UTC 2024
On Sat, Oct 19, 2024, at 11:07, wkitty42 at gmail.com wrote:
> On 10/19/24 9:51 AM, Kevin P. Fleming wrote:
>> Unfortunately when the 'general' usptream resolvers provided by the
>> hotel/airplane/etc. don't provide RRSIG in their responses, I have to disable
>> the global 'dnssec' setting in dnsmasq, otherwise all DNS resolution is broken.
>
> if they are using "walled gardens", my first thought will likely not work...
> that thought being to set your DNS server to always look to well known servers
> that do provide what you need... eg: always override to 8.8.8.8 and 4.4.4.4...
>
> it is possible they may be intercepting DNS queries and forcing them to their
> servers which will negate my suggestion thought, too...
Indeed... the hotel I was in earlier this week used the 'captive portal' mechanism and the only way to get connected to the outside was to use their resolvers (provided via DHCP) to get the address of the portal and then login. After that... those resolvers would do normal resolution for external names, but did not provide RRSIG responses.
More information about the Dnsmasq-discuss
mailing list