Maintained by: NLnet Labs

[Unbound-users] DNSSEC validation by default?

Wouter Wijngaards
Thu Aug 7 16:59:39 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roy Arends wrote:
| Can we make that behavior configurable?
|
| Roy

Well. I would rather not.

The default would need to be the safe behaviour.  And the number of
users that need the unsafe behaviour is very small.  Is an upgrade of
the other software an option? (it was expecting AD bits in replies, so
it can be made to set them in queries, I would think).

Best regards,
~   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkibDdsACgkQkDLqNwOhpPhF5ACfbHIS9OPecoB7OfKGI868gOLa
07kAoKPv0ad55iZ+AvhRtfsabUImTeBI
=F3Xd
-----END PGP SIGNATURE-----