diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2019-11-07 15:46:38 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2019-11-07 15:46:38 +0000 |
| commit | c9b62a447b74088ad74b60c7c88396bc77f6e60f (patch) | |
| tree | dcef7cbd383ca2906f7fba3d1125fe862b9c96d6 /etc | |
| parent | d18909264a963f16131d3a66b909ccd966e88955 (diff) | |
Reenable "val-log-level: 2", so that when sites have misconfigured
dnssec the sysadmin has some idea what's going on in logs, and
"aggressive-nsec: yes", if we're using dnssec anyway we might as well
get the benefits. These were both enabled last time dnssec was enabled
in this sample unbound.conf.
ok florian@
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/unbound.conf | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/unbound.conf b/etc/unbound.conf index b46847e3a31..528405a9fac 100644 --- a/etc/unbound.conf +++ b/etc/unbound.conf @@ -1,4 +1,4 @@ -# $OpenBSD: unbound.conf,v 1.18 2019/11/07 12:49:45 job Exp $ +# $OpenBSD: unbound.conf,v 1.19 2019/11/07 15:46:37 sthen Exp $ server: interface: 127.0.0.1 @@ -22,12 +22,12 @@ server: # Perform DNSSEC validation. Comment out the below option to disable. # auto-trust-anchor-file: "/var/unbound/db/root.key" - #val-log-level: 2 + val-log-level: 2 # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains # https://tools.ietf.org/html/rfc8198 # - #aggressive-nsec: yes + aggressive-nsec: yes # Serve zones authoritatively from Unbound to resolver clients. # Not for external service. |