Maintained by: NLnet Labs

[Unbound-users] High number of system context switches

Jan-Frode Myklebust
Tue Apr 22 09:11:39 CEST 2014


On Sat, Apr 12, 2014 at 09:22:57AM +0300, Sotiris Tsimbonis wrote:
> > 
> > Excuse my DNSSEC ignorance, but what's the consequence of commenting out
> > this directive? Will it still be OK to run a dnssec validating
> > nameserver, or will too much fail too validate. Or maybe lack of tld
> > trust anchor means DLV will just be ignored and served as non-validating
> > dnssec?
> 
> You will not validate domains in TLDs that have not been signed yet.

What was unclear was if the DLV signed domains would SERVFAIL, or if
they would just respond with unauthenticated answer. Seems to be
unauthenticated answer, so I don't see any downside to removing the
DLV anchor.



  -jf