DNSSEC enabled in default unbound(8) configuration
from OpenBSD Journal (#4TY8V)
DNSSEC validation has been enabled in the default unbound.conf(5) in -current. The relevant commits were from Job Snijders (job@)
CVSROOT: /cvs
Module name: src
Changes by: job@cvs.openbsd.org 2019/11/07 05:49:45

Modified files:
    etc : unbound.conf

Log message:
Enable DNSSEC validation in unbound by default

OK deraadt@ otto@
and from Stuart Henderson (sthen@)
CVSROOT: /cvs
Module name: src
Changes by: sthen@cvs.openbsd.org 2019/11/07 08:46:37

Modified files:
    etc : unbound.conf

Log message:
Reenable "val-log-level: 2", so that when sites have misconfigured
dnssec the sysadmin has some idea what's going on in logs, and
"aggressive-nsec: yes", if we're using dnssec anyway we might as well
get the benefits. These were both enabled last time dnssec was enabled
in this sample unbound.conf.

ok florian@
This was attempted late last year, but reverted because of difficulties bootstrapping machines with incorrect clocks.
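
Why an incorrect clock matters to a validating resolver, as an added example (not code from the OpenBSD commits or from unbound): every DNSSEC signature (RRSIG) carries an inception and an expiration timestamp, and a validator rejects a signature whose window does not contain its own current time. The RRSIG line, the clock values, and the `check` helper with its `skew_seconds` parameter are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed RRSIG record in presentation format (RFC 4034, section 3.2).
# Key tag and signature are placeholders, not real data.
SAMPLE_RRSIG = (
    "example.org. 3600 IN RRSIG A 13 2 3600 "
    "20191121000000 20191031000000 12345 example.org. c2lnbmF0dXJl"
)

def _ts(field):
    """Parse an RRSIG YYYYMMDDHHmmSS timestamp as UTC."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def rrsig_window(rr):
    """Return (inception, expiration) from an RRSIG presentation line."""
    f = rr.split()
    i = f.index("RRSIG")
    # RDATA order: type-covered, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer name, signature.
    return _ts(f[i + 6]), _ts(f[i + 5])

def check(rr, now, skew_seconds=0):
    """Classify the signature as seen by a validator whose clock reads `now`."""
    inception, expiration = rrsig_window(rr)
    t = now.timestamp()
    if t + skew_seconds < inception.timestamp():
        return "not-yet-valid"
    if t - skew_seconds > expiration.timestamp():
        return "expired"
    return "valid"

if __name__ == "__main__":
    clocks = {
        "correct clock": datetime(2019, 11, 7, 6, 0, tzinfo=timezone.utc),
        "clock reset to the epoch": datetime(1970, 1, 1, tzinfo=timezone.utc),
        "clock two years ahead": datetime(2021, 11, 7, tzinfo=timezone.utc),
    }
    for label, now in clocks.items():
        print(f"{label:26} -> {check(SAMPLE_RRSIG, now)}")
```

With either wrong clock, every signed answer fails validation, so the resolver returns SERVFAIL for signed zones until the time is corrected.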