Maintained by: NLnet Labs

val-permissive-mode not working via unbound-control ?

W.C.A. Wijngaards
Wed Jun 7 09:01:51 CEST 2017


Hi Paul,

This was caused by copy of the setting at initialisation, but now I've
fixed it so that it uses the config structure, and unbound-control
should be able to control val-permissive-mode (combine with flush_bogus
to remove the cached validation failures), and val-clean-additional.

Best regards, Wouter

On 06/06/17 22:48, Paul Wouters via Unbound-users wrote:
> 
> I tried the following:
> 
> service unbound restart
> sudo unbound-control set_option val-permissive-mode: yes
> dig www.dnssec-failed.org
> 
> But that still gives a servfail.
> 
> Sprinking various flush_* options also did not seem to help.
> 
> Is this a bug or a feature? :)
> 
> Setting val-permissive-mode: yes in unbound.conf and restarting
> does work as expected.
> 
> Paul
> ps. don't test this using dnssec-tools.org as test.dnssec-tools.org
> seems to have lost its DS record so all test domains are insecure
> and no longer bogus :P


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20170607/a74ede76/attachment.sig>