[Unbound-users] High number of system context switches
Jan-Frode Myklebust
janfrode at tanso.net
Tue Apr 22 07:11:39 UTC 2014
On Sat, Apr 12, 2014 at 09:22:57AM +0300, Sotiris Tsimbonis wrote:
> >
> > Excuse my DNSSEC ignorance, but what's the consequence of commenting out
> > this directive? Will it still be OK to run a dnssec validating
> > nameserver, or will too much fail too validate. Or maybe lack of tld
> > trust anchor means DLV will just be ignored and served as non-validating
> > dnssec?
>
> You will not validate domains in TLDs that have not been signed yet.
What was unclear was if the DLV signed domains would SERVFAIL, or if
they would just respond with unauthenticated answer. Seems to be
unauthenticated answer, so I don't see any downside to removing the
DLV anchor.
-jf
More information about the Unbound-users
mailing list