interaction of validation and local stubs and forwarders
Måns Nilsson
mansaxel at besserwisser.org
Thu Jan 22 11:40:38 UTC 2026
Subject: Re: interaction of validation and local stubs and forwarders Date: Tue, Jan 13, 2026 at 03:09:19PM +0100 Quoting Petr Menšík via Unbound-users (unbound-users at lists.nlnetlabs.nl):
> I think you want to be independent on parent domain. That should be possibly
> by configuring your own trust anchor for namn.se KSK key.
>
> Then it should be possible to query your DS or DNSKEY, choose only KSK key
> and add it as trust anchor to your validating clients. Unbound should
> validate only up to first trusted anchor. If that is your domain, it should
> not need to validate any parent records.
Yes, that makes sense for when the child is signed.
--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668
Now I'm concentrating on a specific tank battle toward the end of World War II!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20260122/bedbd9b8/attachment.bin>
More information about the Unbound-users
mailing list