Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".
Augie Schwer
augie.schwer at gmail.com
Thu Apr 26 17:17:06 UTC 2012
Is there a way to exclude a domain from DNSSEC validation, like
Unbound's "domain-insecure"?
For example if a popular site ( say nasa.gov ) updates their keys
incorrectly so that their domain fails validation, you contact their
admins. and with a high level of confidence you determine this is a
configuration mistake and not a security breach, you can then
exclude them from DNSSEC validation so your customers can access their
site while they fix their error.
--
Augie Schwer - Augie at Schwer.us - http://schwer.us
More information about the bind-users
mailing list