How to enable DNSSEC - DNS Security validation in Resolver
Hi,
I would like to set my Mac to use DNSSEC (request secure answers and perform validation of answers). Anybody have an idea how to configure this?
I understand BIND 9 is in the OS but don't know how/if it ties into the name (DNS) resolver library which the apps (like Safari etc) use. I've realized that the usual UNIX style config files like /etc/named.conf and /etc/resolv.conf aren't really in use (see the Mac OS notices inside them).
This originally started as the ISP (Rogers) started displaying their own ad ridden search page for mis-typed/non-existent domain names typed into the web browser address bar. There was an opt out, which I used, but then it started displaying a highly annoying copy of Internet Exploder's DNS error page. Lately they started redirecting my Safari default home page (when starting Safari or shift cmdH) to their own website instead of what I've configured Safari with (I actually use the default http://livepage.apple.com/, call me lame 😉. So much for net neutrality...
DNSSEC may not solve this particular problem, since not all domains are secured anyways, but I'd like to try the option for other obvious reasons too.
PS. I couldn't find a topic on this. Apologies if there is already a thread on this topic and please direct me there if you know of it.
Cheers and hope you're having happy holidays!
Thanks in Advance!
I would like to set my Mac to use DNSSEC (request secure answers and perform validation of answers). Anybody have an idea how to configure this?
I understand BIND 9 is in the OS but don't know how/if it ties into the name (DNS) resolver library which the apps (like Safari etc) use. I've realized that the usual UNIX style config files like /etc/named.conf and /etc/resolv.conf aren't really in use (see the Mac OS notices inside them).
This originally started as the ISP (Rogers) started displaying their own ad ridden search page for mis-typed/non-existent domain names typed into the web browser address bar. There was an opt out, which I used, but then it started displaying a highly annoying copy of Internet Exploder's DNS error page. Lately they started redirecting my Safari default home page (when starting Safari or shift cmdH) to their own website instead of what I've configured Safari with (I actually use the default http://livepage.apple.com/, call me lame 😉. So much for net neutrality...
DNSSEC may not solve this particular problem, since not all domains are secured anyways, but I'd like to try the option for other obvious reasons too.
PS. I couldn't find a topic on this. Apologies if there is already a thread on this topic and please direct me there if you know of it.
Cheers and hope you're having happy holidays!
Thanks in Advance!
iMac, Mac OS X (10.6.2)
