[Unbound-users] Insisting on DNSSEC

Tom Hendrikx tom at whyscream.net
Mon Jan 13 16:32:26 CET 2014

On 01/13/2014 03:32 PM, Joe Abley wrote:
> On 2014-01-11, at 17:16, Anand Buddhdev <anandb at ripe.net> wrote:
>> On 11/01/2014 23:00, Rick van Rein wrote:
>>> Am I correct that Unbound cannot require DNSSEC validation for its
>>> resolution?
>> Not sure what you are asking here.
> I think the question is whether it's possible to configure an unbound validator to treat verifiably insecure data the same as bogus data when deciding how to respond to a query from a client.
> The answer to that question seems to be no.

I'm not sure, but might this be easy to implement within unbound using
the python plugin interface?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140113/e8c5bcd2/attachment-0002.sig>

More information about the Unbound-users mailing list