Browse Source

the world is not ready for dnssec enabled by default

OPENBSD_6_5
florian 5 years ago
parent
commit
51db86f898
1 changed files with 8 additions and 6 deletions
  1. +8
    -6
      src/etc/unbound.conf

+ 8
- 6
src/etc/unbound.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: unbound.conf,v 1.11 2018/12/10 16:46:03 sthen Exp $
# $OpenBSD: unbound.conf,v 1.12 2018/12/11 19:16:36 florian Exp $
server: server:
interface: 127.0.0.1 interface: 127.0.0.1
@ -19,12 +19,14 @@ server:
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
# Enable DNSSEC validation.
auto-trust-anchor-file: "/var/unbound/db/root.key"
val-log-level: 2
# Uncomment to enable DNSSEC validation.
#
#auto-trust-anchor-file: "/var/unbound/db/root.key"
# Synthesize NXDOMAINs from DNSSEC NSEC chains. RFC 8198
aggressive-nsec: yes
# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains
# https://tools.ietf.org/html/rfc8198
#
#aggressive-nsec: yes
# Serve zones authoritatively from Unbound to resolver clients. # Serve zones authoritatively from Unbound to resolver clients.
# Not for external service. # Not for external service.


Loading…
Cancel
Save