Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".
Augie Schwer
augie.schwer at gmail.com
Wed Feb 6 01:01:23 UTC 2013
Is there a way to exclude a domain from DNSSEC validation, like
Unbound's "domain-insecure"?
For example if a popular site ( say nasa.gov ) updates their keys
incorrectly so that their domain fails validation, you contact their
admins. and with a high level of confidence you determine this is a
configuration mistake and not a security breach, you can then
exclude them from DNSSEC validation so your customers can access their
site while they fix their error.
--
Augie Schwer - Augie at Schwer.us - http://schwer.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130205/eb6b37ab/attachment.html>
More information about the bind-users
mailing list