val-permissive-mode not working via unbound-control ?
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Wed Jun 7 07:01:51 UTC 2017
Hi Paul,
This was caused by copy of the setting at initialisation, but now I've
fixed it so that it uses the config structure, and unbound-control
should be able to control val-permissive-mode (combine with flush_bogus
to remove the cached validation failures), and val-clean-additional.
Best regards, Wouter
On 06/06/17 22:48, Paul Wouters via Unbound-users wrote:
>
> I tried the following:
>
> service unbound restart
> sudo unbound-control set_option val-permissive-mode: yes
> dig www.dnssec-failed.org
>
> But that still gives a servfail.
>
> Sprinking various flush_* options also did not seem to help.
>
> Is this a bug or a feature? :)
>
> Setting val-permissive-mode: yes in unbound.conf and restarting
> does work as expected.
>
> Paul
> ps. don't test this using dnssec-tools.org as test.dnssec-tools.org
> seems to have lost its DS record so all test domains are insecure
> and no longer bogus :P
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170607/a74ede76/attachment.bin>
More information about the Unbound-users
mailing list