Maintained by: NLnet Labs

[Unbound-users] Insisting on DNSSEC

Tom Hendrikx
Mon Jan 13 16:32:26 CET 2014


On 01/13/2014 03:32 PM, Joe Abley wrote:
> 
> On 2014-01-11, at 17:16, Anand Buddhdev <anandb at ripe.net> wrote:
> 
>> On 11/01/2014 23:00, Rick van Rein wrote:
>>
>>> Am I correct that Unbound cannot require DNSSEC validation for its
>>> resolution?
>>
>> Not sure what you are asking here.
> 
> I think the question is whether it's possible to configure an unbound validator to treat verifiably insecure data the same as bogus data when deciding how to respond to a query from a client.
> 
> The answer to that question seems to be no.
> 

I'm not sure, but might this be easy to implement within unbound using
the python plugin interface?

Tom


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140113/e8c5bcd2/attachment.sig>