Hi,
not too long ago two new commands appeared in unbound-control;
insecure_add and insecure_remove, to manage negative trust anchors.
These are great and I want to make use of them, but I could not find a
way to list the current negative trust anchors, which would be a very
useful command as well for what I'm thinking of.
I've attached a patch that adds a list_insecure option; it goes through
the anchors and prints the domain name of each anchor without DS or
DNSKEY records.
Please consider this for inclusion in the next release. Or, if I am
simply blind and such an option did exist already, please ignore this
patch and kindly point me in the right direction 
Jelte
(attachments)
unbound_control_list_insecure.patch (1.99 KB)