On Sun, Jun 21, 2020 at 04:47:22PM +0100, Stuart Henderson wrote: > An "uncomment" was left in when we reenabled dnssec by default, > and it seems a bit pointless to say "comment out to disable". ok? Reads better, yes. > Index: unbound.conf > =================================================================== > RCS file: /cvs/src/etc/unbound.conf,v > retrieving revision 1.19 > diff -u -p -r1.19 unbound.conf > --- unbound.conf 7 Nov 2019 15:46:37 -0000 1.19 > +++ unbound.conf 21 Jun 2020 15:46:34 -0000 > @@ -19,12 +19,12 @@ server: > hide-identity: yes > hide-version: yes > > - # Perform DNSSEC validation. Comment out the below option to > disable. Your MUA broke this line, it seems.
> + # Perform DNSSEC validation. > # > auto-trust-anchor-file: "/var/unbound/db/root.key" > val-log-level: 2 > > - # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains > + # Synthesize NXDOMAINs from DNSSEC NSEC chains. > # https://tools.ietf.org/html/rfc8198 > # > aggressive-nsec: yes >