[Unbound-users] unbound-control set_option domain-insecure: ?
Jarno Huuskonen
jarno.huuskonen at uef.fi
Wed Jun 27 12:05:25 UTC 2012
Hi,
I'm having some problems with (unbound 1.4.17):
unbound-control set_option domain-insecure: arm.gov.
If I do:
unbound-control reload
unbound-control set_option domain-insecure: arm.gov.
and then dig @127.0.0.1 ns arm.gov.
I get validation errors (and the dig query fails with SERVFAIL):
info: validation failure <arm.gov. NS IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from 192.101.109.47 for key arm.gov. while building chain of trust
But if I put:
domain-insecure: "arm.gov." into unbound.conf
and do unbound-control reload
and then try the query (dig @127.0.0.1 ns arm.gov.) it works just fine
(w/out validation)
Is there something obvious that I'm missing ?
(man unbound-control set_option doesn't list domain-insecure as working ?)
This "workaround" seems to work:
unbound-control stub_add +i arm.gov. 127.0.0.1; unbound-control \
stub_remove arm.gov.
(but unbound-control get_option domain-insecure doesn't show arm.gov.
after this "workaround").
-Jarno
--
Jarno Huuskonen
More information about the Unbound-users
mailing list