I have installed dnscrypt-proxy and am using a DNSSEC-enabled provider; however, when testing my configuration, I'm not getting back DNSSEC information:

dig @127.0.0.1 -p 5300 weather.com +dnssec +multi


; <<>> DiG 9.11.0-P3 <<>> @127.0.0.1 -p 5300 weather.com +dnssec +multi
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 256
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;weather.com.       IN A

;; ANSWER SECTION:
weather.com.        20 IN A 23.199.61.218

;; Query time: 112 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Tue Mar 07 10:27:54 EST 2017
;; MSG SIZE  rcvd: 56

Any ideas?

Gilles 'SO- stop being evil'
Walter

1 Answer

1

weather.com is not a signed zone. Authoritative servers don't serve any DNSSEC-related information, so none is returned by the resolvers either.

In order to check that the resolver properly supports DNSSEC, try resolving a different name. The root zone is obviously signed, and will return DNSSEC records. Or you can try resolving the dnscrypt.org name.

Frank Denis
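An added example, not part of the answer above: a Python check that reads `dig +dnssec` output and reports whether the resolver echoed the DO bit, set the AD flag, and returned RRSIG records in the answer. The first sample is the output from the question; the second is a constructed reply for a hypothetical signed name (`signed.example`) with a placeholder key tag and signature.

```python
import re

# Output from the question above (weather.com, an unsigned zone).
UNSIGNED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 256
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;weather.com.       IN A

;; ANSWER SECTION:
weather.com.        20 IN A 23.199.61.218
"""

# Constructed sample for a signed zone; name, address, key tag and
# signature are placeholders, not real data.
SIGNED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; ANSWER SECTION:
signed.example.     300 IN A 192.0.2.10
signed.example.     300 IN RRSIG A 13 2 300 (
                20170401000000 20170301000000 12345 signed.example.
                PLACEHOLDERSIGNATURE== )
"""

def dnssec_summary(dig_output):
    """Summarise the DNSSEC signals in one `dig +dnssec` reply."""
    header = re.search(r"^;; flags:([^;]*);", dig_output, re.M)
    edns = re.search(r"^; EDNS:.*flags:([^;]*);", dig_output, re.M)
    section, rrsigs = None, 0
    for line in dig_output.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section == "ANSWER" and re.match(r"\S+\s+\d+\s+IN\s+RRSIG\s", line):
            rrsigs += 1  # continuation lines of +multi start with spaces
    return {
        "do_echoed": bool(edns) and "do" in edns.group(1).split(),
        "ad_flag": bool(header) and "ad" in header.group(1).split(),  # resolver validated
        "answer_rrsigs": rrsigs,  # signatures exist only for signed zones
    }
```

For the question's output this reports the DO bit echoed but no AD flag and no RRSIGs, which is what an unsigned zone looks like even through a DNSSEC-capable resolver.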