Hello,

Am I correct that Unbound cannot require DNSSEC validation for its resolution?

The general DNS use case would call for security of validated insecurity, but other situations are possible too.

* You do not want to trust TLSA / CERT / … records that have not been validated
* Kerberos5 tends to mistrust DNS, but insofar as records are signed that could be corrected
* An application at a CA might have a policy to only trust signed portions of DNS

So, if I am correct and there is no way to enforce DNSSEC validation on everything returned, then could such an option be added in future versions?

Thanks,
-Rick
