Closed ioc32 closed 9 years ago
Perhaps we should also document (FAQ?) that we may need to remove all bogus data from unbound's cache after the validation error (via unbound-control flush_bogus)?
s/enable_validation/enable_dnssec_validation/ ?
+1 To adding some FAQ for this
Mmm.. should make it easier to understand for non-DNS folk. Updating and committing!
The validator module's logging level is set to two (log bogus DNS label and reason of failure) under the enthusiastic assumption that DNSSEC validation errors will be something between scarce and bearable.
When not, the permissive_validation option will make unbound pass replies to clients when validation fails for any domain.