diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2018-12-07 09:21:09 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2018-12-07 09:21:09 +0000 |
| commit | 91e4ae9c69fa65c435d9fef9d41fffa4e02e2219 (patch) | |
| tree | f21d16d98d8bd1524943ad5f49b42bd0a2157efb | |
| parent | f5c8a8bfa8e3d799cd453a3339e8913708117492 (diff) | |
Enable DNSSEC validation.
Requested by & OK claudio
Input & OK sthen
OK job, solene
Various commenting that they run with validation since a long time
without issues.
| -rw-r--r-- | etc/unbound.conf | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/etc/unbound.conf b/etc/unbound.conf index 03eb985862e..a523ab6f2df 100644 --- a/etc/unbound.conf +++ b/etc/unbound.conf @@ -1,4 +1,4 @@ -# $OpenBSD: unbound.conf,v 1.8 2018/03/29 20:40:22 florian Exp $ +# $OpenBSD: unbound.conf,v 1.9 2018/12/07 09:21:08 florian Exp $ server: interface: 127.0.0.1 @@ -24,14 +24,12 @@ server: # #qname-minimisation: yes - # Uncomment to enable DNSSEC validation. - # - #auto-trust-anchor-file: "/var/unbound/db/root.key" + # Enable DNSSEC validation. + auto-trust-anchor-file: "/var/unbound/db/root.key" + val-log-level: 2 - # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains - # https://tools.ietf.org/html/rfc8198 - # - #aggressive-nsec: yes + # Synthesize NXDOMAINs from DNSSEC NSEC chains. RFC 8198 + aggressive-nsec: yes # Serve zones authoritatively from Unbound to resolver clients. # Not for external service. |