Is there a way to exclude a domain from DNSSEC validation, like
Unbound's "domain-insecure"?

For example if a popular site ( say nasa.gov ) updates their keys
incorrectly so that their domain fails validation, you contact their
admins. and with a high level of confidence you determine this is a
configuration mistake and  not a security breach, you can then
exclude them from DNSSEC validation so your customers can access their
site while they fix their error.


-- 
Augie Schwer    -    au...@schwer.us    -    http://schwer.us
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to