val-permissive-mode not working via unbound-control ?

Unbound
1

I tried the following:

service unbound restart
sudo unbound-control set_option val-permissive-mode: yes
dig www.dnssec-failed.org

But that still gives a servfail.

Sprinking various flush_* options also did not seem to help.

Is this a bug or a feature? :slight_smile:

Setting val-permissive-mode: yes in unbound.conf and restarting
does work as expected.

Paul
ps. don't test this using dnssec-tools.org as test.dnssec-tools.org
seems to have lost its DS record so all test domains are insecure
and no longer bogus :stuck_out_tongue:

2

Hi Paul,

This was caused by copy of the setting at initialisation, but now I've
fixed it so that it uses the config structure, and unbound-control
should be able to control val-permissive-mode (combine with flush_bogus
to remove the cached validation failures), and val-clean-additional.

Best regards, Wouter