Hello, I am new to Unbound, and I was wondering if there is an easy way to exclude a particular domain from DNSSEC validation.
For example if a popular site ( say nasa.gov ) updates their keys incorrectly so that their domain fails validation, you contact their admins. and with a high level of confidence you determine this is a configuration mistake and not a security breach, you can then exclude them from DNSSEC validation so your customers can access their site while they fix their error. I think I can accomplish this with a "stub-zone", but if there is some "skip-dnssec" configuration option, that seems easier. Does anyone have any suggestions or thoughts? -- Augie Schwer - [email protected] - http://schwer.us _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
