Discussion:
[Unbound-users] list_insecure in unbound-control
Jelte Jansen
2015-04-06 19:49:53 UTC
Permalink
Hi,

not too long ago two new commands appeared in unbound-control;
insecure_add and insecure_remove, to manage negative trust anchors.

These are great and I want to make use of them, but I could not find a
way to list the current negative trust anchors, which would be a very
useful command as well for what I'm thinking of.

I've attached a patch that adds a list_insecure option; it goes through
the anchors and prints the domain name of each anchor without DS or
DNSKEY records.

Please consider this for inclusion in the next release. Or, if I am
simply blind and such an option did exist already, please ignore this
patch and kindly point me in the right direction :)

Jelte
W.C.A. Wijngaards
2015-04-07 14:16:31 UTC
Permalink
Hi Jelte,
Post by Jelte Jansen
Hi,
not too long ago two new commands appeared in unbound-control;
insecure_add and insecure_remove, to manage negative trust
anchors.
These are great and I want to make use of them, but I could not
find a way to list the current negative trust anchors, which would
be a very useful command as well for what I'm thinking of.
I've attached a patch that adds a list_insecure option; it goes
through the anchors and prints the domain name of each anchor
without DS or DNSKEY records.
Please consider this for inclusion in the next release. Or, if I
am simply blind and such an option did exist already, please ignore
this patch and kindly point me in the right direction :)
Yes thank you for the patch :-)

Best regards,
Wouter

Loading...