29 August 2007: Wouter
- test tool to sign rrsets for testing validator with.
- added RSA and DSA test keys, public and private pairs, 512 bits.
+ - default configuration is with validation enabled.
+ Only a trust-anchor needs to be configured for DNSSEC to work.
28 August 2007: Wouter
- removed double use for udp buffers, that could fail,
Module configuration, a list of module names separated by spaces, surround
the string with quotes (""). The modules can be validator, iterator.
Setting this to "iterator" will result in a non-validating server.
-Setting this to "validator iterator" will turn on validation.
+Setting this to "validator iterator" will turn on DNSSEC validation.
+You must also set trust-anchors for validation to be useful.
.It \fBtrust-anchor-file:\fR <filename>
File with trusted keys for validation. Both DS and DNSKEY entries can appear
in the file. The format of the file is the standard DNS Zone file format.
cfg->val_date_override = 0;
cfg->val_clean_additional = 1;
cfg->val_permissive_mode = 0;
- if(!(cfg->module_conf = strdup("iterator"))) goto error_exit;
+ if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
return cfg;
error_exit:
config_delete(cfg);
projects / thirdparty / unbound.git / commitdiff
