Maintained by: NLnet Labs

[Unbound-users] Insisting on DNSSEC

Joe Abley
Mon Jan 13 15:32:10 CET 2014

On 2014-01-11, at 17:16, Anand Buddhdev <anandb at> wrote:

> On 11/01/2014 23:00, Rick van Rein wrote:
>> Am I correct that Unbound cannot require DNSSEC validation for its
>> resolution?
> Not sure what you are asking here.

I think the question is whether it's possible to configure an unbound validator to treat verifiably insecure data the same as bogus data when deciding how to respond to a query from a client.

The answer to that question seems to be no.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>