From 3cf6b014d3a9a13649b4019f822d6706be0c8083 Mon Sep 17 00:00:00 2001 From: job <> Date: Thu, 7 Nov 2019 12:49:45 +0000 Subject: [PATCH] Enable DNSSEC validation in unbound by default OK deraadt@ otto@ --- src/etc/unbound.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/etc/unbound.conf b/src/etc/unbound.conf index f226d77f..b46847e3 100644 --- a/src/etc/unbound.conf +++ b/src/etc/unbound.conf @@ -1,4 +1,4 @@ -# $OpenBSD: unbound.conf,v 1.17 2019/08/25 15:50:21 ajacoutot Exp $ +# $OpenBSD: unbound.conf,v 1.18 2019/11/07 12:49:45 job Exp $ server: interface: 127.0.0.1 @@ -19,9 +19,9 @@ server: hide-identity: yes hide-version: yes - # Uncomment to enable DNSSEC validation. + # Perform DNSSEC validation. Comment out the below option to disable. # - #auto-trust-anchor-file: "/var/unbound/db/root.key" + auto-trust-anchor-file: "/var/unbound/db/root.key" #val-log-level: 2 # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains