Maintained by: NLnet Labs

[Unbound-users] unbound-control set_option domain-insecure: ?

Jarno Huuskonen
Wed Jun 27 14:05:25 CEST 2012


I'm having some problems with (unbound 1.4.17):
unbound-control set_option domain-insecure:

If I do:
unbound-control reload
unbound-control set_option domain-insecure:

and then dig @ ns

I get validation errors (and the dig query fails with SERVFAIL):
info: validation failure < NS IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from for key while building chain of trust

But if I put:
domain-insecure: "" into unbound.conf
and do unbound-control reload
and then try the query (dig @ ns it works just fine
(w/out validation)

Is there something obvious that I'm missing ?
(man unbound-control set_option doesn't list domain-insecure as working ?)

This "workaround" seems to work:
unbound-control stub_add +i; unbound-control \
(but unbound-control get_option domain-insecure doesn't show
after this "workaround").


Jarno Huuskonen