Intended usage of dnssec-must-be-secure?

Thomas Sturm lists+bind-users at nerdli.ch
Wed Feb 3 09:02:39 UTC 2016


On 03.02.2016 09:36, Mark Andrews wrote:
> No.  Insecure != invalid.  Insecure zones don't have a DNSSEC chain
> of trust to a configured trust anchor.

OK, understood. However, in the case of an unsigned private domain that 
is forwarded, it would be insecure and not invalid, right? What's the 
reason this does not work either, then?


More information about the bind-users mailing list