Re: Intended usage of dnssec-must-be-secure?

2016-02-03 Thread Evan Hunt
On Wed, Feb 03, 2016 at 10:02:39AM +0100, Thomas Sturm wrote:
> OK, understood. However, in the case of an unsigned private domain that
> is forwarded, it would be insecure and not invalid, right? What's the
> reason this does not work either, then?

It is invalid. There's a TLD claiming to be a

Re: Intended usage of dnssec-must-be-secure?

2016-02-03 Thread Thomas Sturm
On 03.02.2016 09:36, Mark Andrews wrote:
> No. Insecure != invalid. Insecure zones don't have a DNSSEC chain of
> trust to a configured trust anchor.

OK, understood. However, in the case of an unsigned private domain that is forwarded, it would be insecure and not invalid, right? What's the rea

Re: Intended usage of dnssec-must-be-secure?

2016-02-03 Thread Evan Hunt
On Wed, Feb 03, 2016 at 08:37:27AM +0100, Thomas Sturm wrote:
> Am I doing something wrong, or is this not the actual intended usage of
> this option?

That's not the intended usage. dnssec-must-be-secure means what it says: the answers in this domain *must be secure*. Everything has to be signe

Re: Intended usage of dnssec-must-be-secure?

2016-02-03 Thread Mark Andrews
In message <34d77fc23ee95386a0417bb831914...@nerdli.ch>, Thomas Sturm writes:
> Dear all,
>
> According to the documentation of the option 'dnssec-must-be-secure',
> which reads like
>
> "Specify hierarchies which must be or may not be secure (signed
> and validated). If yes, then na