[Unbound-users] Ability to exclude a domain from DNSSEC validation?
Augie Schwer
augie.schwer at gmail.com
Wed Mar 7 01:27:25 UTC 2012
Hello, I am new to Unbound, and I was wondering if there is an easy
way to exclude a particular domain from DNSSEC validation.
For example if a popular site ( say nasa.gov ) updates their keys
incorrectly so that their domain fails validation, you contact their
admins. and with a high level of confidence you determine this is a
configuration mistake and not a security breach, you can then exclude
them from DNSSEC validation so your customers can access their site
while they fix their error.
I think I can accomplish this with a "stub-zone", but if there is some
"skip-dnssec" configuration option, that seems easier.
Does anyone have any suggestions or thoughts?
--
Augie Schwer - Augie at Schwer.us - http://schwer.us
More information about the Unbound-users
mailing list