Maintained by: NLnet Labs

Can DNSSEC resolvers pass through all mangling CPEs?

Rick van Rein
Mon Jan 4 13:50:21 CET 2016

Hi Tony / list,

> DNSSEC detects and blocks mangling, it does not bypass it.

Thanks, I know.

What I am wondering is if the approach of recursive resolution, not explicitly going through the CPE, suffices to avoid mangling.  The CPE *could* still force control over DNS traffic on account of target port 53, and I am wondering if this happens.