
DNSSEC support for Windows

Open foxcpp opened this issue 5 years ago • 2 comments

The problem is obtaining system DNS configuration for use in resolver code. The relevant function is NewExtResolver in framework/dns/dnssec.go.

According to the comments on https://stackoverflow.com/a/13417318, it can be read from the registry (DhcpNameServer or NameServer for each interface). Need to figure out which value should be preferred if there are multiple interfaces (or just use them all?).

foxcpp, Mar 07 '21 17:03

I did some research, and it seems like Windows's DNS API does not expose information about DNSSEC status, even for Windows versions that have the security-aware client implementation.

foxcpp, Jul 05 '21 15:07

Therefore, extracting DNS configuration from the registry and querying servers directly seems to be the only way to obtain the security information necessary for maddy security policies.

foxcpp, Jul 05 '21 15:07
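
The open question in the issue (which of NameServer and DhcpNameServer to use, and what to do with several interfaces) can be sketched as follows. This is an added example, not maddy's code: the `ifaceDNS` type and `resolverAddrs` function are hypothetical, the registry read itself is left out so the logic runs on any OS, and the policy (static value wins over DHCP per interface, all interfaces used, port 53) is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ifaceDNS (hypothetical) holds the two per-interface registry values named
// in the issue, as the raw strings read from the registry.
type ifaceDNS struct {
	NameServer     string // statically configured servers
	DhcpNameServer string // servers assigned by DHCP
}

// resolverAddrs turns the raw values into a de-duplicated host:port list.
// Assumed policy: a non-empty NameServer overrides DhcpNameServer for that
// interface, and servers from all interfaces are used in the order given.
func resolverAddrs(ifaces []ifaceDNS) []string {
	seen := make(map[string]bool)
	var out []string
	for _, ifc := range ifaces {
		raw := ifc.NameServer
		if strings.TrimSpace(raw) == "" {
			raw = ifc.DhcpNameServer
		}
		// Accept both comma and space separators in the value.
		for _, f := range strings.FieldsFunc(raw, func(r rune) bool { return r == ',' || r == ' ' }) {
			ip := net.ParseIP(f)
			if ip == nil {
				continue // drop anything that is not a plain IP literal
			}
			addr := net.JoinHostPort(ip.String(), "53")
			if !seen[addr] {
				seen[addr] = true
				out = append(out, addr)
			}
		}
	}
	return out
}

func main() {
	// Constructed sample values (documentation address ranges).
	fmt.Println(resolverAddrs([]ifaceDNS{
		{DhcpNameServer: "192.0.2.1 192.0.2.2"},
		{NameServer: "198.51.100.53,192.0.2.1", DhcpNameServer: "203.0.113.9"},
	}))
}
```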