[Unbound-users] allowing cache queries but not doing recursion for "foreign" networks

Robert Edmonds edmonds at debian.org
Mon Feb 16 00:42:24 UTC 2009

Ondřej Surý wrote:
> Here's the problem. You are trying to enforce your view, since it's your current
> problem. But I hope that's never going to happen in Unbound. We are supposed
> to fixup the old wounds and not open them again and again.

> And I think we are really going offtopic - this is more general DNS issue than
> Unbound specific.

what is unbound specific is that unbound answers rd==0 queries which IMO
it should not and which made this entire pointless thread possible.
(dnscache seems to have not suffered for its decision to drop all rd==0
queries on the floor.)

other examples of user stupidity include publishing howtos like this:


which recommends the following ACL:

    access-control: allow

this one is a bit harder to prevent since really obstinate users can ask
for two /1's or four /2's...

Robert Edmonds
edmonds at debian.org

More information about the Unbound-users mailing list