On Thu, Aug 23, 2012 at 12:22:03PM +0200, Jan-Piet Mens wrote: > > The solution for not having to create such a large configuration file might > > be that someone, probably the alternative root or TLD operators, could > > create > > a DLV-registery. > > DLV is basically a DNS zone which contains a DLV RR for each domain it > handles. The rdata of the DLV is what you'd normally put in the DS RR > for the zone. > > e.g. > > $ dig +noall +answer qupps.biz DS > qupps.biz. 3899 IN DS 27112 5 1 > 483610EFD4991F0AC114F44747061E3603D56C86 > > $ dig +noall +answer qupps.biz.dlv.isc.org DLV > qupps.biz.dlv.isc.org. 3356 IN DLV 27112 5 1 > 483610EFD4991F0AC114F44747061E3603D56C86 > > Regards, > > -JP
It was mostly the details I wasn't sure about. The first thing I would try is to create an alternative unsigned root and a DLV-repository with all the signed TLDs, then you add a trust-anchor for the domain of the DLV-repository to the recursor. I would guess that would work. _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
