not have the same trust anchors and decides to insert unsigned NS
record in authority section.
git-svn-id: file:///svn/unbound/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
the DS record. Also, trust anchors, DLV, and RFC5011 receive this,
and thus, if you have multiple algorithms in your trust-anchor-file
then it will now behave different than before. Also, 5011 rollover
for algorithms needs to be double-signature until the old algorithm
is revoked.
git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
the zone has a secure delegation hosted on the same server did not
verify as secure (it was insecure by mistake).
git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
Lampe. The negative cache did not include proper SOA records for
negative qtype DS responses which makes BIND barf on it, such
responses are now only used internally.
- Fix negative cache lookup of closestencloser check of DS type bit.
git-svn-id: file:///svn/unbound/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
applications. It is in result->why_bogus, a zero-terminated string.
unbound-host prints it by default if a result is bogus.
Also the errinf is public in module_qstate (for other modules).
Binary API different. bumped library ABI version.
git-svn-id: file:///svn/unbound/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
the NSEC3 patch.
- val-log-level: 2 shows extended error information for validation
failures, but still one (longish) line per failure. For example:
validation failure <example.com. DNSKEY IN>: signature expired from
192.0.2.4 for trust anchor example.com. while building chain of trust
validation failure <www.example.com. A IN>: no signatures from
192.0.2.6 for key example.com. while building chain of trust
git-svn-id: file:///svn/unbound/trunk@1868 be551aaa-1e26-0410-a405-d3ace91eadb9
