Hi Angus,
On 08/01/2025 08:43, Subscriptions via Unbound-users wrote:
Hello folks
I'm evaluating unbound for server networks, I have it running in a
couple of environments already and am quite happy.
I wondered if you could help me to understand - with the validator
module enabled, does DNS resolution still work for public DNS servers/
domains that do not have DNSSEC enabled? I presume yes ...
Indeed.
... I had to explicitly tell unbound not to use validation for my
internal/private stub-zones, which is what got me wondering.
This is to avoid public DNSSEC to deny your internal zone. For example,
if the zone you are using internally either exists and needs to be
signed, or doesn't exist in a secure zone.
Best regards,
-- Yorgos
