OK, here's what I have from engineering:
Terminal does not have support for DNSSEC in the current release. It is planned for a future release.
Our terminal handles DNSSEC requests like any other traffic flow to the destination server, in that we don't alter packets.
I hope that sheds light on your concerns.
Hmmm... I'm having difficulty believing that port 53 TCP/UDP packets aren't being spoofed or mangled.
I tried a different DNSSEC solution on the firewall, "dnsmasq".
I pointed the firewall to the following "validating" servers:
With DNSSEC enabled, I was unable to resolve any hosts I regularly visit.
I tried "dig" against google server 184.108.40.206 as follows:
# dig @220.127.116.11 +sigchase +dnssec www.ipfire.org
;; NO ANSWERS: no more
We want to prove the non-existence of a type of rdata 1 or of the zone:
;; nothing in authority section : impossible to validate the non-existence : FAILED
;; Impossible to verify the Non-existence, the NSEC RRset can't be validated: FAILED
Does that help?
Okay, I surrender.
Obviously, the DNS caching can't be disabled on an HN9000, and there's no hope in sight.
Guess I'll have to look for a NLOS wireless solution. I think my DNSSEC, data cap, throughput, and latency disappointments justify finding something else.
What a pity.
I noticed mainly on social media, slow running jumping computer, many times I'm forced to shutdown and mouse seems to be not responding properly