Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".

Carl Byington carl at byington.org
Wed Feb 6 05:05:25 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 2013-02-05 at 17:01 -0800, Augie Schwer wrote:
> Is there a way to exclude a domain from DNSSEC validation, like
> Unbound's "domain-insecure"?

I have not tested this, but if you use RPZ to block the DS record for
nasa.gov, that should turn it into an insecure zone.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlERvVsACgkQL6j7milTFsHTwwCfQ9uLJOAxBozthy3b9VHtu7rc
j7sAnipnnL8GmL3VrGdg/Tiko0ZZ9/ih
=xJ3x
-----END PGP SIGNATURE-----






More information about the bind-users mailing list