Add DNSSEC support for `v2.0.0-beta`
qdm12 opened this issue · 0 comments
qdm12 commented
See https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en
- NSEC and NSEC3 records support
- Cache RRSIG (and others?) for their validity period
- Renew keys when they expire
Useful resources:
- https://pi-hole.net/blog/2021/12/12/understanding-dnssec-validation-using-pi-holes-query-log/#page-content
- https://www.youtube.com/watch?v=jOeyDFuKqvI
- https://www.ietf.org/rfc/rfc4033.txt
- DNSSEC Series #6. DNSSEC Record Types, Keys, Signatures, and NSEC, Part 2: https://www.youtube.com/watch?v=MheHMWCOTvE
Double check with https://wander.science/projects/dns/dnssec-resolver-test/