Maintained by: NLnet Labs

[Unbound-users] unbound-control set_option domain-insecure: ?

Jarno Huuskonen
Wed Jun 27 14:05:25 CEST 2012


Hi,

I'm having some problems with (unbound 1.4.17):
unbound-control set_option domain-insecure: arm.gov.

If I do:
unbound-control reload
unbound-control set_option domain-insecure: arm.gov.

and then dig @127.0.0.1 ns arm.gov.

I get validation errors (and the dig query fails with SERVFAIL):
info: validation failure <arm.gov. NS IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from 192.101.109.47 for key arm.gov. while building chain of trust

But if I put:
domain-insecure: "arm.gov." into unbound.conf
and do unbound-control reload
and then try the query (dig @127.0.0.1 ns arm.gov.) it works just fine
(w/out validation)

Is there something obvious that I'm missing ?
(man unbound-control set_option doesn't list domain-insecure as working ?)

This "workaround" seems to work:
unbound-control stub_add +i arm.gov. 127.0.0.1; unbound-control \
	stub_remove arm.gov.
(but unbound-control get_option domain-insecure doesn't show arm.gov.
after this "workaround").

-Jarno

-- 
Jarno Huuskonen