Maintained by: NLnet Labs

[Unbound-users] Insisting on DNSSEC

Tom Hendrikx
Mon Jan 13 16:32:26 CET 2014

On 01/13/2014 03:32 PM, Joe Abley wrote:
> On 2014-01-11, at 17:16, Anand Buddhdev <anandb at> wrote:
>> On 11/01/2014 23:00, Rick van Rein wrote:
>>> Am I correct that Unbound cannot require DNSSEC validation for its
>>> resolution?
>> Not sure what you are asking here.
> I think the question is whether it's possible to configure an unbound validator to treat verifiably insecure data the same as bogus data when deciding how to respond to a query from a client.
> The answer to that question seems to be no.

I'm not sure, but might this be easy to implement within unbound using
the python plugin interface?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <>