Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".
Carl Byington
carl at byington.org
Wed Feb 6 05:05:25 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 2013-02-05 at 17:01 -0800, Augie Schwer wrote:
> Is there a way to exclude a domain from DNSSEC validation, like
> Unbound's "domain-insecure"?
I have not tested this, but if you use RPZ to block the DS record for
nasa.gov, that should turn it into an insecure zone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAlERvVsACgkQL6j7milTFsHTwwCfQ9uLJOAxBozthy3b9VHtu7rc
j7sAnipnnL8GmL3VrGdg/Tiko0ZZ9/ih
=xJ3x
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list