How to force resolution failure of an unsigned domain

Sen Dion sendion23-ux at
Sun Apr 2 19:07:29 UTC 2017

   Hello Everybody,

It looks like there is an assumption that it is an application 
responsibility to get user consent before accessing an unsigned domain 
(whenever 'ad' flag is not set).  AFAIK, that is not the case: majority 
of applications is not 'ad' flag aware.

How to prevent accesses to unsigned domains from these applications?  Is 
there a way to force resolution failure (in unbound) for an unsigned 

   Sen Dion

More information about the Unbound-users mailing list