Maintained by: NLnet Labs

[Unbound-users] "Tunnel" dnssec through local forward-zone?

Paul Wouters
Tue Jul 26 18:11:46 CEST 2011


On Tue, 26 Jul 2011, Leen Besselink wrote:

> Are you sure 8.8.8.8 supports DNSSEC ? Because than I would have
> expected this to work:
>
> $ cat /etc/resolv.conf
> nameserver 8.8.8.8
> $ ./unbound-host -h | grep Version # with ldns-1.6.10 and only one
> configure option: --disable-gost
> Version 1.4.12

note unbound-host uses configuration from /etc/unbound/unbound.conf and not the system
resolver.

You're right, google does not yet fully support all DNSSEC records. It does support
returning RRSIGs and DNSKEYs but it does not seem to support DS records yet.

Paul