Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".

Augie Schwer augie.schwer at gmail.com
Wed Feb 6 01:01:23 UTC 2013


Is there a way to exclude a domain from DNSSEC validation, like
Unbound's "domain-insecure"?

For example if a popular site ( say nasa.gov ) updates their keys
incorrectly so that their domain fails validation, you contact their
admins. and with a high level of confidence you determine this is a
configuration mistake and  not a security breach, you can then
exclude them from DNSSEC validation so your customers can access their
site while they fix their error.


-- 
Augie Schwer    -    Augie at Schwer.us    -    http://schwer.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130205/eb6b37ab/attachment.html>


More information about the bind-users mailing list