I have just tried to use dnssec-trigger in a partially blocked DNS. It is easy ti simulate by blocking udp and tcp port 53 on IPv4 but not on IPv6 or vice versa. device=... for proto in udp tcp; do $command -A OUTPUT -o $device --proto $proto --dport 53 -j REJECT; done In this case dnssec-trigger didn't detect that direct DNS is (partially) blocked and concluded that it is fully usable. As a result, only some names could be resolved while others could not.
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle. Changing version to '25'.
I'm no longer sure why I filed this ticket as DNS servers should generally answer any requests whether they are on IPv4 or IPv6.