Hello,

I conducted a small test with the cool 'local-data' feature of Unbound in combination with a signed zone. It seems to work, be it in an 'insecure' way for the 'local-data'.

My intuition tells me I might be doing something unnatural here, of which I might not completely oversee the consequences. Basically what I am wondering is if anyone has an opinion on this? I am not exactly sure what to think of it.

For example, Windows 7 has a policy-option in the “Name Resolution Policy Table” to demand DNSSEC for certain domains (never actually tried it):

https://www.dnssec.nl/pipermail/dnssec/attachments/20100120/ab304386/attachment-0001.png

You get the picture: when 'local-data' is used, Unbound might return insecure answers, with no 'ad'-flag set, for a zone that is expected to be secure.

I guess the way it works now is the best way to go, so I am not advocating any changes here. Just wondering about other people's opinion on this.

Regards,

--
Marco
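
The situation described above, as an added example that is not part of the original post: a client-side check that flags answers for zones expected to be secure when they arrive without the AD bit, as a 'local-data' answer would. The zone `example.nl.`, the function names and the response bytes are constructed for illustration.

```python
import struct

AD_BIT = 0x0020  # "Authentic Data" flag in the DNS header (RFC 4035)


def build_response(qname, ad):
    """Construct a minimal DNS response (header + question) as sample input."""
    flags = 0x8180 | (AD_BIT if ad else 0)  # QR, RD, RA set; RCODE 0
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN


def parse_response(msg):
    """Return (qname, ad_flag) for a DNS message carrying one question."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(msg):
            raise ValueError("bad label in question name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels) + ".", bool(flags & AD_BIT)


def violates_policy(msg, secure_zones):
    """True if the name lies in a zone that must validate but AD is not set."""
    qname, ad = parse_response(msg)
    in_zone = any(qname == zone or qname.endswith("." + zone)
                  for zone in secure_zones)
    return in_zone and not ad


if __name__ == "__main__":
    policy = {"example.nl."}  # constructed: zones where DNSSEC is demanded
    for name, ad in [("www.example.nl", False), ("www.example.nl", True)]:
        print(name, "ad =", ad, "violation =",
              violates_policy(build_response(name, ad), policy))
```

The AD bit only carries meaning when the path between client and resolver is itself trusted, so a check like this belongs on the same host or behind a protected channel.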
