Great question (Augie) and great feedback (JP).
As DNSSEC is adopted, some type of mitigation process will be welcomed.
For that reason, I think this is on topic.
>
> From: Jan-Piet Mens
>To: bind-users@lists.isc.org
>Sent: Thursday, April 26, 2012 2:51 PM
Augie,
> Is there a way to exclude a domain from DNSSEC validation, like
> Unbound's "domain-insecure"?
That is regrettably not possible at the moment, at least not in BIND
9.9.0.
The only (quite impracticable) workaround would be to define the zone
authoritatively yourself and populate it someh
Is there a way to exclude a domain from DNSSEC validation, like
Unbound's "domain-insecure"?
For example if a popular site ( say nasa.gov ) updates their keys
incorrectly so that their domain fails validation, you contact their
admins. and with a high level of confidence you determine this is a
co
3 matches
Mail list logo
