[Unbound-users] Insisting on DNSSEC
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jan 13 15:55:47 UTC 2014
On 13/01/2014 15:47, Rick van Rein wrote:
> Hello,
>
>> I understand what you want and agree with you it would be nice to have this functionality.
>> One way to do this is to run a local resolver behind a proxy that translates all answers w/o AD bit to an
>> empty answer with RCODE>0, not sure what RCODE
>
> Scary stuff. Very, very hacky.
Shrug. As opposed to what - violating the DNS RFC?
If you want "hacky", how about an LD_PRELOAD library that patches the
resolver queries and enforces AD=1 ;o)
More information about the Unbound-users
mailing list