-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Stephan,
This is because of the discussion on dnsext, where I am asking if this is the spec? Your configuration sets a fixed trust anchor (with revoke flag) without enabling 5011 for that domain name. Thus unbound treats that flag just like any other unknown flag (or like the SEP flag, that is, a hint for operators. If you had enabled 5011 for the domain it would have followed 5011 for that revoke flag. You think that 5011 applies to *all* domains? Also non-trustanchors? This discussion could better be on namedroppers. Best regards, Wouter On 08/05/2010 01:37 AM, Stephan Lagerholm wrote: > DLV is was not used so it couldn't really be the problem. > > Even if it would, the key in DLV (41992) is still active and correct. > The revoked key is 35655 (was 35524 before it got revoked if I do the > math correctly). > > I say that the parser is wrong to accept a key with flag 385 at all. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxaYrQACgkQkDLqNwOhpPiTMgCfXPuvZqicQSg3AsoB3QIFyh/K 0LcAn078QvHwTpLg6NQSVYv9C2S5RRE9 =AR2J -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
