"domain-insecure" no longer necessary?
Daisuke HIGASHI
daisuke.higashi at gmail.com
Sun May 8 14:35:46 UTC 2016
Hi, Stephane
Isn't that TLD signed with NSEC3 Opt-Out ?
2016-05-08 23:12 GMT+09:00 Stephane Bortzmeyer via Unbound-users
<unbound-users at unbound.net>:
> I have some dummy domains (not existing in the real public DNS) in my
> unbound.conf, using "forward-zone". It seems to me that it was
> necessary to add also "domain-insecure" for these domains when their
> parent is signed.
>
> But I just added a second-level domain of a signed TLD as
> "forward-zone" and it worked fine without "domain-insecure".
>
> Did anything change in the semantics of forward-zone?
>
> Version 1.5.8
> linked libs: libevent 2.0.22-stable (it uses epoll), OpenSSL 1.0.2h 3
> May 2016
> linked modules: dns64 validator iterator
More information about the Unbound-users
mailing list