‹ Back
Domain Name System Security Extensions (DNSSEC) 5 January 2012


DNSSEC-Trigger from NLnet Labs is a fascinating experimental tool that solves a fundamental problem that many end-users do not have access to a local DNS resolver that supports DNSSEC.  DNSSEC-Trigger configures a local copy of the Unbound DNS server (supplied for both Windows and Mac OS X) on your laptop or desktop so that you can use DNSSEC validation even if your local DNS servers may not directly support it.  As the project page explains:

Dnssec trigger enables the end-host (laptop or desktop computer) to use DNSSEC protection for the DNS traffic.  It probes for DNSSEC capable servers and instructs a validator on localhost to use that. If it fails, the user can opt to go insecure.

This means a browser can (often) get DNSSEC capable results. It may trust results from with the ADflag. Or it can do DNSSEC validation itself.

As this is a very useful component for testing DNSSEC, we intend to link to (or create) some tutorials relating to installing and using DNSSEC-Trigger. (If you are aware of existing tutorials, HOWTOs or blog posts, please let us know.)

‹ Back

Related articles

Building Trust 1 October 2017


The Domain Name System (DNS), the Internet’s addressing system, is the most critical component of the Internet infrastructure. As...

Deploy360 3 April 2017

Introduction to PKIs & CAs

In order to be trusted, the Internet must provide channels for secure and private communication between entities, which can...

Domain Name System (DNS) 31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download...

Join the conversation with Internet Society members around the world