Maintained by: NLnet Labs

[Unbound-users] Insisting on DNSSEC

Tony Finch
Mon Jan 13 18:27:00 CET 2014

Rick van Rein <rick at> wrote:
> I *think* I am asking for something new — namely, to insist on presence
> of DNSSEC and proper validation on it.  In other words, to be able to
> neglect anything that is not properly signed.

Not that new - look at BIND's dnssec-must-be-secure option.

f.anthony.n.finch  <dot at>
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.