From 134db23ea8ba648512f7fb91bb450a4da65f012d Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Wed, 29 Aug 2007 13:27:21 +0000 Subject: [PATCH] validate by default. git-svn-id: file:///svn/unbound/trunk@563 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 2 ++ doc/unbound.conf.5 | 3 ++- util/config_file.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index dc1f28bfb..8042649d5 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 29 August 2007: Wouter - test tool to sign rrsets for testing validator with. - added RSA and DSA test keys, public and private pairs, 512 bits. + - default configuration is with validation enabled. + Only a trust-anchor needs to be configured for DNSSEC to work. 28 August 2007: Wouter - removed double use for udp buffers, that could fail, diff --git a/doc/unbound.conf.5 b/doc/unbound.conf.5 index 728e2899d..dc442bb53 100644 --- a/doc/unbound.conf.5 +++ b/doc/unbound.conf.5 @@ -187,7 +187,8 @@ the portnumber will block other port numbers. Module configuration, a list of module names separated by spaces, surround the string with quotes (""). The modules can be validator, iterator. Setting this to "iterator" will result in a non-validating server. -Setting this to "validator iterator" will turn on validation. +Setting this to "validator iterator" will turn on DNSSEC validation. +You must also set trust-anchors for validation to be useful. .It \fBtrust-anchor-file:\fR File with trusted keys for validation. Both DS and DNSKEY entries can appear in the file. The format of the file is the standard DNS Zone file format. diff --git a/util/config_file.c b/util/config_file.c index 42df33d05..4c147c438 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -117,7 +117,7 @@ config_create() cfg->val_date_override = 0; cfg->val_clean_additional = 1; cfg->val_permissive_mode = 0; - if(!(cfg->module_conf = strdup("iterator"))) goto error_exit; + if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; return cfg; error_exit: config_delete(cfg); -- 2.47.2