[Unbound-users] Insisting on DNSSEC
Anand Buddhdev
anandb at ripe.net
Sat Jan 11 22:16:05 UTC 2014
On 11/01/2014 23:00, Rick van Rein wrote:
Hi Rick,
> Am I correct that Unbound cannot require DNSSEC validation for its
> resolution?
Not sure what you are asking here. If unbound is configured with the
root trust anchor, it will validate everything it can. Of course, if a
zone is not signed, then there's nothing to validate. Additionally, a
user can send a query with the CD flag set, and then unbound will send
results, even if validation failed.
Are you suggesting that unbound ignore the CD flag? Or are you asking
for something else?
Anand Buddhdev
RIPE NCC
More information about the Unbound-users
mailing list