mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-10 19:15:54 +02:00
b29c97b168
unbound has some trouble with validating DNSSEC-enabled domains when the upstream name server is stripping signatures from the authoritative responses. This script now checks that, removes any broken upstream name servers from the list and prints a warning. If all name servers fail the test, unbound falls back into recursor mode. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>