No, stub resolvers are supposed to, and often do validate DNSSEC signatures. DNS... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

fanf2 on July 17, 2023 | parent | context | favorite | on: Show HN: Use DNS TXT to share information

No, stub resolvers are supposed to, and often do validate DNSSEC signatures. DNSSEC is designed so that validation should happen whenever any DNS data is received over the network.

tptacek on July 17, 2023 [–]

That's the opposite of how DNSSEC works in practice.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact