[Unbound-users] Insisting on DNSSEC
anandb at ripe.net
Sat Jan 11 23:16:05 CET 2014
On 11/01/2014 23:00, Rick van Rein wrote:
> Am I correct that Unbound cannot require DNSSEC validation for its
Not sure what you are asking here. If unbound is configured with the
root trust anchor, it will validate everything it can. Of course, if a
zone is not signed, then there's nothing to validate. Additionally, a
user can send a query with the CD flag set, and then unbound will send
results, even if validation failed.
Are you suggesting that unbound ignore the CD flag? Or are you asking
for something else?
More information about the Unbound-users