[Unbound-users] Insisting on DNSSEC
Paul Wouters
paul at nohats.ca
Sun Jan 12 03:20:22 UTC 2014
On Sun, 12 Jan 2014, Rick van Rein wrote:
> I *think* I am asking for something new — namely, to insist on presence of DNSSEC and proper validation on it. In other words, to be able to neglect anything that is not properly signed.
If an application wants to insist on DNSSEC, they simple need to query
and check for the AD bit being set. It's not up to the resolver to
set application policy.
Paul
More information about the Unbound-users
mailing list