Hi, Stephane

Isn't that TLD signed with NSEC3 Opt-Out?

2016-05-08 23:12 GMT+09:00 Stephane Bortzmeyer via Unbound-users <[email protected]>:
> I have some dummy domains (not existing in the real public DNS) in my
> unbound.conf, using "forward-zone". It seems to me that it was
> necessary to add also "domain-insecure" for these domains when their
> parent is signed.
>
> But I just added a second-level domain of a signed TLD as
> "forward-zone" and it worked fine without "domain-insecure".
>
> Did anything change in the semantics of forward-zone?
>
> Version 1.5.8
> linked libs: libevent 2.0.22-stable (it uses epoll), OpenSSL 1.0.2h 3
> May 2016
> linked modules: dns64 validator iterator
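
An added example, not part of this thread: one way to test the Opt-Out question asked in the reply at the top, by hashing the forwarded name and checking whether a parent NSEC3 record with the Opt-Out flag covers it, in which case a validator treats the name as a possible unsigned delegation (RFC 5155). The sample record and expected hashes are the RFC 5155 Appendix A example zone, not the TLD discussed here; `classify` and its return labels are hypothetical names.

```python
import base64
import hashlib

# Maps the standard Base32 alphabet onto base32hex (RFC 4648), which keeps sort order.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

# Record taken from the RFC 5155 Appendix A example zone (not the TLD in this thread).
SAMPLE_NSEC3 = ("35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 "
                "1 1 12 aabbccdd b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG")


def nsec3_hash(name, salt_hex, iterations):
    """Iterated SHA-1 NSEC3 hash (RFC 5155 section 5), lower-case base32hex."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()


def classify(name, nsec3_rr):
    """Say what one NSEC3 record proves about `name` (hypothetical helper)."""
    fields = nsec3_rr.split()
    i = fields.index("NSEC3")
    alg, flags, iterations, salt, next_hash = fields[i + 1:i + 6]
    if alg != "1":
        raise ValueError("only hash algorithm 1 (SHA-1) is defined")
    owner_hash = fields[0].split(".")[0].lower()
    next_hash = next_hash.lower()
    h = nsec3_hash(name, salt, int(iterations))
    if h == owner_hash:
        return "matched"            # name exists; the type bitmap decides about DS
    if owner_hash < next_hash:
        covered = owner_hash < h < next_hash
    else:                           # last record in the chain wraps around
        covered = h > owner_hash or h < next_hash
    if not covered:
        return "not-covered"
    # Opt-Out is the low bit of the flags field (RFC 5155 section 3.1.2.1).
    return "insecure-opt-out" if int(flags) & 1 else "proven-nonexistent"


if __name__ == "__main__":
    for qname in ("c.example", "a.example", "xx.example"):
        print(qname, classify(qname, SAMPLE_NSEC3))
```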
