[Unbound-users] unbound-control set_option domain-insecure: ?

Jarno Huuskonen jarno.huuskonen at uef.fi
Wed Jun 27 12:05:25 UTC 2012


I'm having some problems with (unbound 1.4.17):
unbound-control set_option domain-insecure: arm.gov.

If I do:
unbound-control reload
unbound-control set_option domain-insecure: arm.gov.

and then dig @ ns arm.gov.

I get validation errors (and the dig query fails with SERVFAIL):
info: validation failure <arm.gov. NS IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from for key arm.gov. while building chain of trust

But if I put:
domain-insecure: "arm.gov." into unbound.conf
and do unbound-control reload
and then try the query (dig @ ns arm.gov.) it works just fine
(w/out validation)

Is there something obvious that I'm missing ?
(man unbound-control set_option doesn't list domain-insecure as working ?)

This "workaround" seems to work:
unbound-control stub_add +i arm.gov.; unbound-control \
	stub_remove arm.gov.
(but unbound-control get_option domain-insecure doesn't show arm.gov.
after this "workaround").


Jarno Huuskonen

More information about the Unbound-users mailing list