On 11/01/2014 23:00, Rick van Rein wrote: Hi Rick,
> Am I correct that Unbound cannot require DNSSEC validation for its > resolution? Not sure what you are asking here. If unbound is configured with the root trust anchor, it will validate everything it can. Of course, if a zone is not signed, then there's nothing to validate. Additionally, a user can send a query with the CD flag set, and then unbound will send results, even if validation failed. Are you suggesting that unbound ignore the CD flag? Or are you asking for something else? Anand Buddhdev RIPE NCC _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
