Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".

Gilles Massen gilles.massen at restena.lu
Mon Apr 30 21:09:34 UTC 2012

On 30/4/12 13:56 , Chris Thompson wrote:

>> http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01
>> Being actively discussed on DNSOP list   
> It *was* being actively discussed there, up until about 10 days ago. Since
> then the participants seem to have stopped, maybe from sheer exhaustion, as
> it was pretty clear that there were irreconcilable opinions on the subject.
> It may be worth noting in the bind-users context that ISC's [quick check -
> what is he these days - ah yes...] Chairman & Chief Scientist expressed
> fairly, well, negative opinions about negative trust anchors, which maybe
> does not bode well for them ever appearing in BIND.

Like lying resolvers or NXdomain redirection? And irrespectively of how
much I disagree with these, this it not to say that one should never
change his mind.


More information about the bind-users mailing list