On 2020/06/21 18:29, Klemens Nanni wrote: > On Sun, Jun 21, 2020 at 04:47:22PM +0100, Stuart Henderson wrote: > > An "uncomment" was left in when we reenabled dnssec by default, > > and it seems a bit pointless to say "comment out to disable". ok? > Reads better, yes. > > > Index: unbound.conf > > =================================================================== > > RCS file: /cvs/src/etc/unbound.conf,v > > retrieving revision 1.19 > > diff -u -p -r1.19 unbound.conf > > --- unbound.conf 7 Nov 2019 15:46:37 -0000 1.19 > > +++ unbound.conf 21 Jun 2020 15:46:34 -0000 > > @@ -19,12 +19,12 @@ server: > > hide-identity: yes > > hide-version: yes > > > > - # Perform DNSSEC validation. Comment out the below option to > > disable. > Your MUA broke this line, it seems.
editor actually. thanks. > > > + # Perform DNSSEC validation. > > # > > auto-trust-anchor-file: "/var/unbound/db/root.key" > > val-log-level: 2 > > > > - # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains > > + # Synthesize NXDOMAINs from DNSSEC NSEC chains. > > # https://tools.ietf.org/html/rfc8198 > > # > > aggressive-nsec: yes > > >
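Review bot: in the first comment of the hunk, removing "Comment out the below option to disable" leaves "# Perform DNSSEC validation." above two active settings (auto-trust-anchor-file and val-log-level: 2), and nothing now says which of them the comment refers to; the removed sentence at least pointed at "the below option". Consider naming the setting in the comment, for example "# Perform DNSSEC validation (auto-trust-anchor-file).", so someone editing the file can still tell which line controls validation. The second comment reads correctly as changed, since aggressive-nsec: yes is already active and "Uncomment" no longer applied.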