----- Original Message -----
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Tomas,
>
> You can set permissive mode at runtime (val-permissive-mode: yes).
> Another way may be to edit the config file; and remove the trust
> anchors and reload it.

Setting val-permissive-mode to yes using unbound-control during the runtime does not work.

root@thozza-pc /home/thozza # dig @127.0.0.1 www.dnssec-failed.org

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-11.P2.fc19 <<>> @127.0.0.1 www.dnssec-failed.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27325
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.dnssec-failed.org. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 04 15:55:23 CET 2013
;; MSG SIZE rcvd: 50

root@thozza-pc /home/thozza # unbound-control get_option val-permissive-mode
no
root@thozza-pc /home/thozza # unbound-control set_option val-permissive-mode: yes
ok
root@thozza-pc /home/thozza # unbound-control flush_zone .
ok removed 209 rrsets, 214 messages and 10 key entries
root@thozza-pc /home/thozza # dig @127.0.0.1 www.dnssec-failed.org

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-11.P2.fc19 <<>> @127.0.0.1 www.dnssec-failed.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47988
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.dnssec-failed.org. IN A

;; Query time: 3826 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 04 15:56:08 CET 2013
;; MSG SIZE rcvd: 50

root@thozza-pc /home/thozza # unbound-control get_option val-permissive-mode
yes

> (there is even documentation for this:
> http://unbound.net/documentation/howto_turnoff_dnssec.html )

I know, but the 'val-permissive-mode' is not listed in the unbound-control man page as a supported option when using the set_option command. I guess there is no other way but to change the unbound.conf and reload the server.

Regards,
Tomas Hozza
