Differences

This shows you the differences between two versions of the page.

--- userdoc:tt_dns_tls_proxy [2018/05/05 19:06]
abelbeck [DNS-TLS Proxy Configuration]
+++ userdoc:tt_dns_tls_proxy [2018/05/05 19:15]
abelbeck [DNS-TLS Proxy Configuration]
@@ Line 24: / Line 24: @@
 {{:userdoc:dns_tls-default-config1.jpg?nolink|DNS-TLS Default Configuration}}
-The "DNSSEC Validation" selection defines the stubby ''dnssec_return_status'' configuration. By default, any DNSSEC validation is expected to be performed by the upstream server. Offloading the DNSSEC validation upstream via a secure channel is the fastest method.
+The "DNSSEC Validation" selection defines the stubby ''dnssec_return_status'' configuration. By default, any DNSSEC validation is expected to be performed by the upstream recursive
+ server. Offloading the DNSSEC validation upstream via a secure channel is the fastest method.
 {{:userdoc:dns_tls-default-config1a.jpg?nolink|DNS-TLS DNSSEC Configuration}}
+If you want to enable the stubby ''dnssec_return_status'' configuration, select the "perform local validation" option.  In this case the local DNS-TLS proxy will perform DNSSEC validation.  Local validation forces additional DNS lookups and slightly slows the overall response time.  Enable local validation when the upstream recursive server does not perform DNSSEC validation or you don't truest it's validation.
 The "Query Server(s)" selection defines the stubby ''round_robin_upstreams'' configuration. By default, only the first upstream recursive server entry is used to handle all DNS queries. If that server becomes unavailable then the next server in the list will be used to handle all DNS queries.