Maintained by: NLnet Labs

[Unbound-users] Exception for private domains?

W.C.A. Wijngaards
Fri Oct 8 13:44:23 CEST 2010


Hi Stephane,

On 10/08/2010 12:43 PM, Stephane Bortzmeyer wrote:
> At work, we use a private TLD (I did not decide, don't hit me, not my
> fault, I don't speak for my employer, etc), and a validating Unbound
> resolver was able to use it with forward-zone.
> 
> Now that the root is signed and validated, I get a SERVFAIL, probably
> because the root says NXDOMAIN.
> 
> Is there any way to tell Unbound to bypass the validation through the
> root for a given domain?

Yes, I thought this sort of deployment could be an issue.  The option:
        domain-insecure: "mytld"
tells unbound that this is a non-DNSSEC domain.  You can have multiple
such statements in unbound.conf.  (joined with trust-anchor statements,
the longest-match name applies).

Best regards,
   Wouter
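
The longest-match rule mentioned in the reply above, as an added example that is not part of the original message and is not Unbound's own code: a simplified Python model that decides, for a query name, whether the closest enclosing entry is a trust anchor (validate) or a domain-insecure name (skip validation). The function names, the root trust anchor and the name "signed.mytld" are assumptions made for illustration.

```python
# Added illustration: a simplified model of the longest-match rule, not Unbound's code.

def labels(name):
    """Lowercase labels of a domain name; the root "." gives an empty tuple."""
    name = name.rstrip(".").lower()
    return tuple(name.split(".")) if name else ()


def validation_policy(qname, trust_anchors, domain_insecure):
    """Return (closest enclosing zone, "validate" or "insecure") for qname.

    trust_anchors and domain_insecure are lists of zone names, standing in for
    the trust-anchor and domain-insecure statements of a configuration.
    """
    entries = {}
    for zone in trust_anchors:
        entries[labels(zone)] = "validate"
    for zone in domain_insecure:
        if labels(zone) in entries:
            # The message does not say what happens when both name the same
            # zone, so this model refuses to guess.
            raise ValueError("zone listed as both anchor and insecure: " + zone)
        entries[labels(zone)] = "insecure"

    q = labels(qname)
    # A zone matches only on whole labels, so "notmytld" is not under "mytld".
    matches = [z for z in entries
               if len(q) >= len(z) and q[len(q) - len(z):] == z]
    if not matches:
        # No enclosing entry at all: nothing to validate against.
        return (None, "insecure")
    best = max(matches, key=len)  # longest match wins
    return (".".join(best) or ".", entries[best])


if __name__ == "__main__":
    anchors = [".", "signed.mytld"]   # constructed sample configuration
    insecure = ["mytld"]
    for name in ["host.mytld", "a.signed.mytld", "www.example.org", "notmytld"]:
        print(name, validation_policy(name, anchors, insecure))
```
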