Maintained by: NLnet Labs

[Unbound-users] Insisting on DNSSEC

Joe Abley
Mon Jan 13 15:32:10 CET 2014


On 2014-01-11, at 17:16, Anand Buddhdev <anandb at ripe.net> wrote:

> On 11/01/2014 23:00, Rick van Rein wrote:
> 
>> Am I correct that Unbound cannot require DNSSEC validation for its
>> resolution?
> 
> Not sure what you are asking here.

I think the question is whether it's possible to configure an unbound validator to treat verifiably insecure data the same as bogus data when deciding how to respond to a query from a client.

The answer to that question seems to be no.


Joe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140113/fe3390e7/attachment.sig>