validate by default.

git-svn-id: file:///svn/unbound/trunk@563 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -1,6 +1,8 @@
 29 August 2007: Wouter
 	- test tool to sign rrsets for testing validator with.
 	- added RSA and DSA test keys, public and private pairs, 512 bits.
+	- default configuration is with validation enabled.
+	  Only a trust-anchor needs to be configured for DNSSEC to work.
 
 28 August 2007: Wouter
 	- removed double use for udp buffers, that could fail,

doc/unbound.conf.5

@@ -187,7 +187,8 @@ the portnumber will block other port numbers.
 Module configuration, a list of module names separated by spaces, surround
 the string with quotes (""). The modules can be validator, iterator.
 Setting this to "iterator" will result in a non-validating server.
-Setting this to "validator iterator" will turn on validation.
+Setting this to "validator iterator" will turn on DNSSEC validation.
+You must also set trust-anchors for validation to be useful.
 .It \fBtrust-anchor-file:\fR <filename>
 File with trusted keys for validation. Both DS and DNSKEY entries can appear
 in the file. The format of the file is the standard DNS Zone file format.

util/config_file.c

@@ -117,7 +117,7 @@ config_create()
 	cfg->val_date_override = 0;
 	cfg->val_clean_additional = 1;
 	cfg->val_permissive_mode = 0;
-	if(!(cfg->module_conf = strdup("iterator"))) goto error_exit;
+	if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
 	return cfg;
 error_exit:
 	config_delete(cfg);