[Unbound-users] How to define a root "ceiling" with validating client resolvers
paul at nohats.ca
Tue Oct 23 00:19:16 CEST 2012
On Mon, 22 Oct 2012, Keith Kaple wrote:
> I'm new to the API for client resolvers using libunbound and am setting up a lab that will have many subdomains.
> An example: big.red.liar.lab.cisco.com
> I am only authoritative and can only control signing zones at 'lab' and below. So I just want to define that level to be the root domain and stop verification of DS records as if lab.cisco.com was the root zone because the next level up will not have a DS record for me. What is a good practice for doing this with libunbound?
You can just load a trust anchor for "lab.cisco.com" using ub_ctx_add_ta()
See man page for it for details. That will "override" the lack of trust
anchors above it.
For more details, see slide 25 atL
More information about the Unbound-users