DNSSEC

Starting with Prosody 0.12.0, libunbound can be used to enable DNSSEC support.

unbound = {
    -- on Debian this file is included in the package 'root-dns-data'
    trustfile = "/usr/share/dns/root.ds";
}