[Unbound-users] bogus resolution with forwarding and DLV

Jaap Akkerhuis jaap at NLnetLabs.nl
Mon Feb 9 00:55:27 UTC 2015

 Viktor Dukhovni writes:

 > On Sat, Feb 07, 2015 at 04:24:33PM +0100, Jan V?el?k wrote:
 > > The BIND developers claim, that the behavior of BIND is correct.
 > > 
 > > The upstream resolver (BIND) has DLV disabled and therefore uses
 > > a subset of trust anchors my local resolver (Unbound) uses. And the zone
 > > is insecure from the BIND's point of view.
 > > 
 > > Ignoring the fact, that BIND adds NS records into authority from no
 > > reason, omitting the NS RRSIGs is probably justifiable.
 > I think this is another good reason to stop using DLV.

Apparenlty there are plans to do so. There will be a talk about it
at ICANN-52 (See


More information about the Unbound-users mailing list