Maintained by: NLnet Labs

"domain-insecure" no longer necessary?

Stephane Bortzmeyer
Sun May 8 16:12:35 CEST 2016

I have some dummy domains (not existing in the real public DNS) in my
unbound.conf, using "forward-zone". It seems to me that it was
necessary to add also "domain-insecure" for these domains when their
parent is signed.

But I just added a second-level domain of a signed TLD as
"forward-zone" and it worked fine without "domain-insecure".

Did anything change in the semantics of forward-zone?

Version 1.5.8
linked libs: libevent 2.0.22-stable (it uses epoll), OpenSSL 1.0.2h  3
May 2016
linked modules: dns64 validator iterator