|
|
|
|
|
|
by jcalvinowens
78 days ago
|
|
|
Anything that uses system-resolved is probably doing DNSSEC validation by default. It's becoming much more common. Additionally, as I mentioned, openssh itself has support for validating the DNSSEC signature even if your local resolver doesn't. I actually don't think it can use the standard resolver for SSHFP records at all, but I'm not sure. |
|
|