Maintained by: NLnet Labs

[Unbound-users] How to disable DNSSEC validation

W.C.A. Wijngaards
Wed Dec 4 14:23:56 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Tomas,

You can set permissive mode at runtime (val-permissive-mode: yes).
Another way may be to edit the config file; and remove the trust
anchors and reload it.

(there is even documentation for this:
http://unbound.net/documentation/howto_turnoff_dnssec.html )

Best regards, Wouter

On 12/04/2013 01:57 PM, Tomas Hozza wrote:
> Hi.
> 
> I would like to ask if there is any way how can I disable the
> DNSSEC validation for ALL domains using unbound-control?
> 
> I know it can be done by changing the "module-config". However I
> need to do it just by calling unbound-control during the runtime.
> 
> I tried: # unbound-control insecure_add . # unbound-control
> flush_zone .
> 
> But unbound is still validating.
> 
> Thanks in advance for your help.
> 
> Regards, Tomas Hozza 
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSnyzsAAoJEJ9vHC1+BF+NK6QP/1iAvjxiGZ7vFZ8e45FFMiYt
s5Pp33uyAbZ43a/7K53iyynJ+rXEywfhoDP0TSYGfCmBwHtNkTiVydUKf6wEbdqQ
cRFAr9kd/MTd1sNoUL7nfK4WIUGMaqz7ScdrOgnSf8Fmwccb7rYHavFTVMReUvN1
Y0ZSgsewZgyNlSt+1ms9kbswxqXY5j+7gJshA+HzR1TiKBpzo1MSUm9ju5jaNzZK
I1BBbjn81dspjJgRVLnRVssHY/eUkzdDvQLFb/mC2UvZi/svTrfgqBafL5jAbU8/
tthu9DSx7mQ1QaM7Che9a10eA6QWYrw6whQUNjdqZR0/eRPc2zUjnE68gluzLui2
G74tg6Q8t4wkiwAYV2Mz8KJ/Ci3L7Tj98nVoUO9s3Dnwh4vHl+HZwGu642/UoE18
V9nNFgktd20M5zA8gwOC2qLl3vGRRbLf5oD7jAEfY7LBsfze9+WndxrURKfCko1+
vTm1v8kx7uKnvge7LMDuO9Wqfj3NUo49ddDco1n5dh8K9bSp6Zs4nS045uMRIvZj
+7wyiSyorrbMk7uBekRlb0soVsoW+oyenz/AHUswU/PfDZQDOFEYSUgje8hgrk44
Hei+329Dc5Ks12uRcykPCWJIHNHOatVfKRnYnKF9TzoFxwBit9tnFPCjYt3K/iXY
sbCK7qoR5UArmHQp9D/X
=tEuQ
-----END PGP SIGNATURE-----