MoinQ:

1. harden\-referral\-path

.B harden\-referral\-path: \fI<yes or no>

Harden the referral path by performing additional queries for infrastructure data.

Validates the replies if trust anchors are configured and the zones are signed.  

This enforces DNSSEC validation on nameserver NS sets and the nameserver addresses that are encountered on the referral path to the answer.

Default no, because it burdens the authority servers, and it is not RFC standard, and could lead to performance problems because of the extra query load that is generated.

Experimental option.

If you enable it consider adding more numbers after the target\-fetch\-policy to increase the max depth that is checked to.

1.1. history


CategoryDns CategoryWatch CategoryTemplate

MoinQ: DNS/実装/unbound/harden-referral-path/conf (last edited 2023-08-14 10:26:10 by ToshinoriMaeno)