[Unbound-users] Unbound doesn't cache ANY query result from some DNSSEC-signed zone
daisuke.higashi at gmail.com
Fri Jun 28 17:10:38 UTC 2013
2013/6/10 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
> cache-min-ttl could perhaps change unbound's behaviour here.
Thank you for your suggestion and I confirmed
that "cache-min-ttl: <small number>" leads Unbound to cache
such ANY-query results.
2013/6/10 Peter Koch <pk at denic.de>:
> I am not convinced that implementing ANY as 'all', encouraging
> false expectations, is really the right thing to do.
> Additionally, in the context of recent events - even if unbound
> would only rarely be run as open recursive - it 'helps' authoritative
> servers to see more queries.
At nameserver-side, giving non-zero TTL for NSEC3PARAM records
might be an workaround against this issue.
Unfortunately OpenDNSSEC decided to set zero-TTL
to NSEC3PARAM of signing zones .
Daisuke HIGASHI <daisuke.higashi at gmail.com>
More information about the Unbound-users