This can work around your local resolver stripping DNSSEC, but it also
means resolution is bonkers slow and might even take forever / fail if
DNS queries are blocked (because you're on TOR VPN or similar). So if
recursive DNSSEC fails, just fail DNSSEC and fall back to regular DNS lookups.
@@ -234,6 +234,8 @@ public class Resolver {
final AbstractDnsClient dnssecclient = DnssecResolverApi.INSTANCE.getClient();
if (dnssecclient instanceof ReliableDnsClient) {
((ReliableDnsClient) dnssecclient).setUseHardcodedDnsServers(false);
+ // If your DNS server sucks, just don't do DNSSEC
+ ((ReliableDnsClient) dnssecclient).setMode(ReliableDnsClient.Mode.recursiveOnly);
}
}
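Review bot: The comment added above the `setMode(ReliableDnsClient.Mode.recursiveOnly)` call does not state the security trade-off. With iterative resolution disabled, a local resolver or on-path party that strips DNSSEC records makes validation fail, and per the commit description the lookup then falls back to regular DNS, which is a silent downgrade to unauthenticated answers. I would reword the comment to something like `// recursiveOnly: skip the slow iterative fallback; if the resolver strips DNSSEC, results are unauthenticated and must not be treated as validated`. The fallback path is not visible in this hunk, so confirm that it never marks a result as authenticated and that it logs the downgrade so it can be noticed. The enclosing method starts before the hunk.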