ioc32 / openhrc

Open Household Router Contraption

Make DNSSEC (strict) validation optional #3

Closed ioc32 closed 9 years ago

ioc32 commented 9 years ago

The validator module's logging level is set to two (log bogus DNS label and reason of failure) under the enthusiastic assumption that DNSSEC validation errors will be something between scarce and bearable.

When not, the permissive_validation option will make unbound pass replies to clients when validation fails for any domain.

ioc32 commented 9 years ago

Perhaps we should also document (FAQ?) that we may need to remove all bogus data from unbound's cache after the validation error (via unbound-control flush_bogus)?

saghul commented 9 years ago

s/enable_validation/enable_dnssec_validation/ ?

+1 to adding some FAQ for this

ioc32 commented 9 years ago

Mmm.. should make it easier to understand for non-DNS folk. Updating and committing!
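Added example, not part of the thread or of openhrc's code: a small Python tally of validation failures per name, useful for judging from the resolver log whether failures are rare enough to keep strict validation on. The log line shape is an assumption modelled on what unbound writes at validator log level 2; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (assumed shape of unbound output at val-log-level: 2).
SAMPLE_LOG = """\
[1400000001] unbound[811:0] info: validation failure <www.bogus-zone.example. A IN>: signature expired from 192.0.2.53 for key bogus-zone.example. while building chain of trust
[1400000002] unbound[811:0] info: generate keytag query _ta-4f66. NULL IN
[1400000003] unbound[811:0] info: validation failure <www.bogus-zone.example. AAAA IN>: signature expired from 192.0.2.53 for key bogus-zone.example. while building chain of trust
[1400000009] unbound[811:0] info: validation failure <mail.other.example. MX IN>: no keys have a DS with algorithm RSASHA1 from 198.51.100.7 for key other.example. while building chain of trust
"""

# Matches the bogus label (name, type, class) and the reason of failure.
FAILURE = re.compile(
    r"info: validation failure <(?P<name>\S+) (?P<qtype>\S+) (?P<cls>[^>\s]+)>:"
    r"\s*(?P<reason>.*)$",
    re.MULTILINE,
)


def parse_failures(text):
    """Return (name, qtype, reason) for every validation failure line."""
    out = []
    for m in FAILURE.finditer(text):
        # Drop the "from <server> for key ..." tail so equal reasons group together.
        reason = re.split(r" from \S+", m.group("reason"), maxsplit=1)[0].strip()
        out.append((m.group("name"), m.group("qtype"), reason))
    return out


def failures_by_name(text):
    """Count validation failures per queried name."""
    return Counter(name for name, _, _ in parse_failures(text))


def failures_by_reason(text):
    """Count validation failures per failure reason."""
    return Counter(reason for _, _, reason in parse_failures(text))


if __name__ == "__main__":
    for name, count in failures_by_name(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {name}")
    for reason, count in failures_by_reason(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {reason}")
```

Names that show up here are the ones whose cached bogus data the flush_bogus step mentioned above would clear once the upstream zone is fixed.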