local DNSSEC validation

DoHoT currently doesn't seem to mention and not doing local DNSSEC validation?

DoHoT seems to be based on dnscrypt-proxy which apparently doesn't do local DNSSEC validation. References:

* https://github.com/DNSCrypt/dnscrypt-proxy/discussions/1954
* https://github.com/DNSCrypt/dnscrypt-proxy/issues/167#issuecomment-367689381

Also [cloudflare**d**](https://github.com/cloudflare/cloudflared) apparently doesn't do local DNSSEC validation. References:

* https://github.com/cloudflare/cloudflared/issues/520
* https://community.cloudflare.com/t/does-the-cloudflared-dns-client-locally-verify-dnssec/335402

Thank you for all your work on DNS security!

BTW I am interested in documenting and including it in our security distro:
https://www.kicksecure.com/wiki/DNS_Security


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

local DNSSEC validation #4

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

local DNSSEC validation #4

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions