validator module
Yorgos Thessalonikefs
yorgos at nlnetlabs.nl
Wed Jan 8 09:59:20 UTC 2025
Hi Angus,
On 08/01/2025 08:43, Subscriptions via Unbound-users wrote:
> Hello folks
>
> I'm evaluating unbound for server networks, I have it running in a
> couple of environments already and am quite happy.
>
> I wondered if you could help me to understand - with the validator
> module enabled, does DNS resolution still work for public DNS servers/
> domains that do not have DNSSEC enabled? I presume yes ...
Indeed.
>
> ... I had to explicitly tell unbound not to use validation for my
> internal/private stub-zones, which is what got me wondering.
This is to avoid public DNSSEC to deny your internal zone. For example,
if the zone you are using internally either exists and needs to be
signed, or doesn't exist in a secure zone.
Best regards,
-- Yorgos
More information about the Unbound-users
mailing list