Maintained by: NLnet Labs

[Unbound-users] DLV anchor and unsigned domains

W.C.A. Wijngaards
Thu Mar 27 15:14:44 CET 2014


Hi Alan,

On 03/27/2014 02:15 PM, Alan Jurcic wrote:
> Hello,
> 
> I've tried using unbound with an automatic root trust anchor and it
> works as expected, that is, resolving, not SERVFAILing, unsigned
> domains.
> 
> When I add a DLV trust anchor, the validator seems to mark even unsigned
> domains as bogus. Is this intended?

If your DLV provider does not answer, the security status of every
domain not in cache cannot be determined.  It must therefore be
withheld from the poor user.  Did you configure a non-working dlv domain?

Best regards,
   Wouter
