[Unbound-users] Insisting on DNSSEC

Paul Wouters paul at nohats.ca
Sun Jan 12 04:20:22 CET 2014

On Sun, 12 Jan 2014, Rick van Rein wrote:

> I *think* I am asking for something new — namely, to insist on presence of DNSSEC and proper validation on it.  In other words, to be able to neglect anything that is not properly signed.

If an application wants to insist on DNSSEC, they simple need to query
and check for the AD bit being set. It's not up to the resolver to
set application policy.


More information about the Unbound-users mailing list