retrieve TLSA record also if it is not secured by DNSSEC

John Peacock jpeacock at
Wed Feb 12 14:42:16 UTC 2020

On Wed, Feb 12, 2020 at 9:34 AM Elmar Stellnberger via Unbound-users <
unbound-users at> wrote:

> Does anyone care about this? Who has tried to retrieve the TLSA record of
> via libunbound? Why does it not return the TLSA record as
> unsafe if it is present but not signed correctly?
At least for me, that would be pointless; if I am to trust the information it
has to be signed correctly. Returning untrusted values just removes the
security and you might as well not use DANE at all.

My 2 cents

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unbound-users mailing list