Browse Source

Reenable "val-log-level: 2", so that when sites have misconfigured

dnssec the sysadmin has some idea what's going on in logs, and
"aggressive-nsec: yes", if we're using dnssec anyway we might as well
get the benefits. These were both enabled last time dnssec was enabled
in this sample unbound.conf.
ok florian@
OPENBSD_6_7
sthen 5 years ago
parent
commit
3ac9b78c4b
1 changed files with 3 additions and 3 deletions
  1. +3
    -3
      src/etc/unbound.conf

+ 3
- 3
src/etc/unbound.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: unbound.conf,v 1.18 2019/11/07 12:49:45 job Exp $
# $OpenBSD: unbound.conf,v 1.19 2019/11/07 15:46:37 sthen Exp $
server:
interface: 127.0.0.1
@ -22,12 +22,12 @@ server:
# Perform DNSSEC validation. Comment out the below option to disable.
#
auto-trust-anchor-file: "/var/unbound/db/root.key"
#val-log-level: 2
val-log-level: 2
# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains
# https://tools.ietf.org/html/rfc8198
#
#aggressive-nsec: yes
aggressive-nsec: yes
# Serve zones authoritatively from Unbound to resolver clients.
# Not for external service.


Loading…
Cancel
Save