On Sat, Apr 12, 2014 at 09:22:57AM +0300, Sotiris Tsimbonis wrote:
> >
> > Excuse my DNSSEC ignorance, but what's the consequence of commenting out
> > this directive? Will it still be OK to run a dnssec validating
> > nameserver, or will too much fail to validate? Or maybe lack of tld
> > trust anchor means DLV will just be ignored and served as non-validating
> > dnssec?
>
> You will not validate domains in TLDs that have not been signed yet.

What was unclear was if the DLV signed domains would SERVFAIL, or if they would just respond with an unauthenticated answer. Seems to be an unauthenticated answer, so I don't see any downside to removing the DLV anchor.

-jf
