[Unbound-users] Exception for private domains?
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Fri Oct 8 11:44:23 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Stephane,
On 10/08/2010 12:43 PM, Stephane Bortzmeyer wrote:
> At work, we use a private TLD (I did not decide, don't hit me, not my
> fault, I don't speak for my employer, etc), and a validating Unbound
> resolver was able to use it with forward-zone.
>
> Now that the root is signed and validated, I get a SERVFAIL, probably
> because the root says NXDOMAIN.
>
> Is there any way to tell Unbound to bypass the validation through the
> root for a given domain?
Yes, I thought this sort of deployment could be an issue. The option:
domain-insecure: "mytld"
tells unbound that this is a non-DNSSEC domain. You can have multiple
such statements in unbound.conf. (joined with trust-anchor statements,
the longest-match name applies).
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkyvBBcACgkQkDLqNwOhpPhhzgCgjqMn21uWCJO9FotWyGXsPVmu
+8wAoKe71T+oOhukdiKez35JtRNX0vpg
=2gJ0
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list