I have searched other issues and found no duplicates
I want to request a feature or enhancement and not ask a question
The problem
Near the end of 2022, AdGuardHome made a change so that no requests would be cached unless DNSSEC was enabled in AGH and supported by the sites requested. This was done to avoid DNS cache poisoning.
This lowered the number of requests being cached and increased the average processing time of DNS requests.
Proposed solution
I suggest that this remains the default; however, it would be good if users could change this to drop the DNSSEC requirement.
Since this is trading off some security for performance, the setting could just be changed within the AGH config file. If the setting is made present in the UI, it should have a small warning beside it so that the user knows of the security trade-off.
Alternatives considered and additional information
No response
> Near the end of 2022, AdGuardHome made a change so that no requests would be cached unless DNSSEC was enabled in AGH and supported by the sites requested. This was done to avoid DNS cache poisoning.
I'm not sure what you're talking about here, sorry. If you're talking about #4942, then it was about the processing of the explicitly set CD bit on the query. If your clients aren't setting it, their queries should be cached.
Also, if you're testing with custom upstream configurations for clients, make sure that you've enabled caching in the clients' settings.
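To check whether a client is explicitly setting the CD (Checking Disabled) bit mentioned in the reply above, the DNS header flags of a captured query can be decoded directly. This is an added example, not code from AdGuard Home or from this thread; `inspectQuery` is a hypothetical helper and both sample queries are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const flagQR = 1 << 15 // set on responses, clear on queries
const flagCD = 1 << 4  // Checking Disabled (RFC 4035)

// inspectQuery parses a wire-format DNS query and returns the question
// name and whether the client set the CD bit in the header.
func inspectQuery(msg []byte) (name string, cd bool, err error) {
	if len(msg) < 12 {
		return "", false, errors.New("short header")
	}
	flags := binary.BigEndian.Uint16(msg[2:4])
	if flags&flagQR != 0 || binary.BigEndian.Uint16(msg[4:6]) != 1 {
		return "", false, errors.New("not a single-question query")
	}
	var labels []string
	for off := 12; ; {
		if off >= len(msg) {
			return "", false, errors.New("truncated name")
		}
		n := int(msg[off])
		if n == 0 {
			break
		}
		if n > 63 || off+1+n > len(msg) { // also rejects compression pointers
			return "", false, errors.New("bad label")
		}
		labels = append(labels, string(msg[off+1:off+1+n]))
		off += 1 + n
	}
	return strings.Join(labels, ".") + ".", flags&flagCD != 0, nil
}

// Constructed sample queries (example.org, type A); only the CD bit differs.
var plainQuery = []byte("\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03org\x00\x00\x01\x00\x01")
var cdQuery = []byte("\x12\x35\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03org\x00\x00\x01\x00\x01")

func main() {
	for _, q := range [][]byte{plainQuery, cdQuery} {
		fmt.Println(inspectQuery(q))
	}
}
```

Feeding it the UDP payloads of queries captured on port 53 shows which clients, if any, send CD=1.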