diff options
| author |   florian <florian@openbsd.org> | 2018-12-11 19:16:36 +0000 |
|---|---|---|
| committer | florian <florian@openbsd.org> | 2018-12-11 19:16:36 +0000 |
| commit | c7e7f6ec85e66cbfdb418a29c22bcd794a772139 (patch) | |
| tree | 116251fc10fd40ab41c25bcd574dad0073dc3113 | |
| parent | Flip snprintf(3) error check to align it with the man page example. (diff) | |
| download | wireguard-openbsd-c7e7f6ec85e66cbfdb418a29c22bcd794a772139.tar.xz wireguard-openbsd-c7e7f6ec85e66cbfdb418a29c22bcd794a772139.zip | |
the world is not ready for dnssec enabled by default
| -rw-r--r-- | etc/unbound.conf | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/etc/unbound.conf b/etc/unbound.conf index 942be2dc5d8..b832efe9ee7 100644 --- a/etc/unbound.conf +++ b/etc/unbound.conf @@ -1,4 +1,4 @@ -# $OpenBSD: unbound.conf,v 1.11 2018/12/10 16:46:03 sthen Exp $ +# $OpenBSD: unbound.conf,v 1.12 2018/12/11 19:16:36 florian Exp $ server: interface: 127.0.0.1 @@ -19,12 +19,14 @@ server: hide-identity: yes hide-version: yes - # Enable DNSSEC validation. - auto-trust-anchor-file: "/var/unbound/db/root.key" - val-log-level: 2 + # Uncomment to enable DNSSEC validation. + # + #auto-trust-anchor-file: "/var/unbound/db/root.key" - # Synthesize NXDOMAINs from DNSSEC NSEC chains. RFC 8198 - aggressive-nsec: yes + # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains + # https://tools.ietf.org/html/rfc8198 + # + #aggressive-nsec: yes # Serve zones authoritatively from Unbound to resolver clients. # Not for external service. |