Is there a way to exclude a domain from DNSSEC validation, like Unbound's "domain-insecure"?
For example if a popular site ( say nasa.gov ) updates their keys incorrectly so that their domain fails validation, you contact their admins. and with a high level of confidence you determine this is a configuration mistake and not a security breach, you can then exclude them from DNSSEC validation so your customers can access their site while they fix their error. -- Augie Schwer - au...@schwer.us - http://schwer.us _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
