[Unbound-users] How to define a root "ceiling" with validating client resolvers

Keith Kaple kak at cisco.com
Mon Oct 22 20:54:51 UTC 2012


Hi,

I'm new to the API for client resolvers using libunbound and am setting up a lab that will have many subdomains.

An example: big.red.liar.lab.cisco.com

I am only authoritative and can only control signing zones at 'lab' and below.  So I just want to define that level to be the root domain and stop verification of DS records as if lab.cisco.com was the root zone because the next level up will not have a DS record for me.  What is a good practice for doing this with libunbound?

This is just for development purposes to prove out some concepts involving going up the chain of authority.

Is this a valid question or should I be thinking about it differently?

thanks,

Keith




More information about the Unbound-users mailing list