On Mon, 22 Oct 2012, Keith Kaple wrote:
I'm new to the API for client resolvers using libunbound and am setting up a
lab that will have many subdomains.
An example: big.red.liar.lab.cisco.com
I am only authoritative and can only control signing zones at 'lab' and below.
So I just want to define that level to be the root domain and stop verification
of DS records as if lab.cisco.com was the root zone because the next level up
will not have a DS record for me. What is a good practice for doing this with
libunbound?
You can just load a trust anchor for "lab.cisco.com" using ub_ctx_add_ta()
See man page for it for details. That will "override" the lack of trust
anchors above it.
For more details, see slide 25 atL
http://people.redhat.com/pwouters/LinuxCon2012-DNSSEC.pdf
Paul
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
