Hi Paul, This was caused by copy of the setting at initialisation, but now I've fixed it so that it uses the config structure, and unbound-control should be able to control val-permissive-mode (combine with flush_bogus to remove the cached validation failures), and val-clean-additional.
Best regards, Wouter On 06/06/17 22:48, Paul Wouters via Unbound-users wrote: > > I tried the following: > > service unbound restart > sudo unbound-control set_option val-permissive-mode: yes > dig www.dnssec-failed.org > > But that still gives a servfail. > > Sprinking various flush_* options also did not seem to help. > > Is this a bug or a feature? :) > > Setting val-permissive-mode: yes in unbound.conf and restarting > does work as expected. > > Paul > ps. don't test this using dnssec-tools.org as test.dnssec-tools.org > seems to have lost its DS record so all test domains are insecure > and no longer bogus :P
signature.asc
Description: OpenPGP digital signature
