Browse Source

Enable DNSSEC validation.

Requested by & OK claudio
Input & OK sthen
OK job, solene
Various commenting that they run with validation since a long time
without issues.
OPENBSD_6_5
florian 6 years ago
parent
commit
bd228d0e6e
1 changed files with 6 additions and 8 deletions
  1. +6
    -8
      src/etc/unbound.conf

+ 6
- 8
src/etc/unbound.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: unbound.conf,v 1.8 2018/03/29 20:40:22 florian Exp $
# $OpenBSD: unbound.conf,v 1.9 2018/12/07 09:21:08 florian Exp $
server:
interface: 127.0.0.1
@ -24,14 +24,12 @@ server:
#
#qname-minimisation: yes
# Uncomment to enable DNSSEC validation.
#
#auto-trust-anchor-file: "/var/unbound/db/root.key"
# Enable DNSSEC validation.
auto-trust-anchor-file: "/var/unbound/db/root.key"
val-log-level: 2
# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains
# https://tools.ietf.org/html/rfc8198
#
#aggressive-nsec: yes
# Synthesize NXDOMAINs from DNSSEC NSEC chains. RFC 8198
aggressive-nsec: yes
# Serve zones authoritatively from Unbound to resolver clients.
# Not for external service.


Loading…
Cancel
Save