Hi Augie, Unbound has the 'domain-insecure' option for this: http://unbound.net/documentation/unbound.conf.html
Cheers, -- Wolfgang Nagele Senior Systems and Network Administrator AusRegistry Pty Ltd Level 8, 10 Queens Road Melbourne, Victoria, Australia, 3004 Phone +61 3 9090 1756 Email: [email protected] Web: www.ausregistry.com.au The information contained in this communication is intended for the named recipients only. It is subject to copyright and may contain legally privileged and confidential information and if you are not an intended recipient you must not use, copy, distribute or take any action in reliance on it. If you have received this communication in error, please delete all copies from your system and notify us immediately. On Mar 7, 2012, at 12:27 PM, Augie Schwer wrote: > Hello, I am new to Unbound, and I was wondering if there is an easy > way to exclude a particular domain from DNSSEC validation. > > For example if a popular site ( say nasa.gov ) updates their keys > incorrectly so that their domain fails validation, you contact their > admins. and with a high level of confidence you determine this is a > configuration mistake and not a security breach, you can then exclude > them from DNSSEC validation so your customers can access their site > while they fix their error. > > I think I can accomplish this with a "stub-zone", but if there is some > "skip-dnssec" configuration option, that seems easier. > > Does anyone have any suggestions or thoughts? > > > -- > Augie Schwer - [email protected] - http://schwer.us > > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
