[Unbound-users] "Tunnel" dnssec through local forward-zone?

Paul Wouters paul at xelerance.com
Tue Jul 26 16:11:46 UTC 2011


On Tue, 26 Jul 2011, Leen Besselink wrote:

> Are you sure 8.8.8.8 supports DNSSEC ? Because than I would have
> expected this to work:
>
> $ cat /etc/resolv.conf
> nameserver 8.8.8.8
> $ ./unbound-host -h | grep Version # with ldns-1.6.10 and only one
> configure option: --disable-gost
> Version 1.4.12

note unbound-host uses configuration from /etc/unbound/unbound.conf and not the system
resolver.

You're right, google does not yet fully support all DNSSEC records. It does support
returning RRSIGs and DNSKEYs but it does not seem to support DS records yet.

Paul



More information about the Unbound-users mailing list