[systemd-devel] systemd prerelease 243-rc1
Lennart Poettering
lennart at poettering.net
Thu Aug 1 12:31:21 UTC 2019
On Mi, 31.07.19 13:52, Stefan Tatschner (stefan at rumpelsepp.org) wrote:
> On Wed, 2019-07-31 at 13:47 +0200, Lennart Poettering wrote:
> > > What is this “strict” mode exactly?
> >
> > It just means resolved will insist on DNS-over-TLS to talk to the
> > configured DNS servers, instead of trying to use it and falling back
> > automatically if it's not available.
>
> Ahh. Thanks for the explanation. I was just wondering if certificate
> checks have been implemented. IIRC resolved does not check/validate the
> certificate (chain) of the DNS server.
Certificate checks have been implemented as well. And they are
controlled by the same setting. If strict mode is on, only verifiable
certificates are accepted.
See: 4310bfc20b84127e19bed68701caa3820c844682
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list