[Unbound-users] also non-recursive support (snoop) by default?
ondrej at sury.org
Thu Feb 4 13:24:00 UTC 2010
Unbound implements non-recursive queries. Try:
$ dig +norec localhost @<your_ip>
It refuses to answer with data from cache e.g. for which he is not
authoritative (all domains except localhost, reverse 127.0.0.1 and
::1, and the AS112 zones, and those defined by you in local-data
On Thu, Feb 4, 2010 at 11:07, Gábor Lénárt <lgb at lgb.hu> wrote:
> We have a customer complaining that he can't use "dig +trace". I have the
> idea that it's because dig in trace mode tries to fetch the list of root
> name servers in a non-recursive way, which is forbidden by unbound by
> default at least. The Unbound documentation says it is possible if you configure
> allow_snoop, but it also states that it should be set only for the
> administrators or so. However, our customer states that we _must_ support
> it for every customer, since he gave this information as explanation about
> his request:
> "All name servers must implement non-recursive queries."
> Now I am a bit uncertain about the situation. If he is right, unbound is not
> RFC compatible without this snoop support configured? Also then the
> documentation of unbound should not mention that this setting should not be
> used only for the administrators (for debug purposes), since it seems an RFC
> (which is also an STD: STD13) requires it, so here we have a "MUST" (RFC) and
> "should not" (unbound documentation) conflict.
> Please help me to understand the situation. If it is not needed to support
> (I misunderstood the RFC, or another RFC obsoletes this one, etc), please
> give me some hint what I should look for to explain the lack of this feature
> for our customer.
> Thanks a lot in advance!
> - Gábor Lénárt
Ondřej Surý <ondrej at sury.org>
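
An added example, not part of the original thread: a small Python check an operator can run against their own resolver to see how it treats the RD=0 queries that `dig +norec` sends from a given client address. The function names are hypothetical, and reading the AA bit as "answered from local data rather than cache" is an assumption of this sketch.

```python
import socket
import struct
import sys

def build_query(name, qtype=1, recursion_desired=False, txid=0x1234):
    """Build a DNS query packet; RD cleared is what `dig +norec` sends."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN

def classify_response(packet):
    """Classify a reply to a non-recursive query from its header alone."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    if rcode == 5:
        return "refused"  # what the thread describes for clients without allow_snoop
    if rcode == 0 and ancount > 0:
        # Assumption: AA set means local/authoritative data, AA clear means cache.
        return "answered-local-data" if aa else "answered-from-cache"
    return "no-answer-rcode-%d" % rcode

def probe(server, name, timeout=3.0):
    """Send one RD=0 query over UDP (IPv4 only) and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recv(4096))

if __name__ == "__main__":
    # Usage: script.py <resolver_ip> [name ...]
    server = sys.argv[1]
    for name in sys.argv[2:] or ["localhost"]:
        print(name, probe(server, name))
```

Run from an ordinary client network, "answered-from-cache" for a name outside local-data means that client range has been granted snooping access.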