OpenDNS is happy to announce support for DNSSEC validation in our DNS resolvers. With this release, the OpenDNS resolvers will act as fully RFC compliant security aware resolvers by performing DNSSEC validation on queries to authoritative nameservers for signed zones.
The full scope of our support for DNSSEC can be found here:
DNSSEC Release schedule
Support for DNSSEC will be released in a phased manner, with our different resolver destinations gaining support at different times.
|Resolvers||IP Addresses||DNSSEC Release Date|
OpenDNS is currently aware of the following known issues. If you have questions or need additional details, please contact our Support team and reference the issue ID in parentheses.
- Support for all ED algorithms IN RFC 8624 (DPT-36)
- Specifically, ED25519 and ED448 are not supported in the current release.
- Unsigned zone delegations using the same nameservers as a signed parent zone may fail validation (DPT-266)