[Unbound-users] bogus resolution with forwarding and DLV
Jaap Akkerhuis
jaap at NLnetLabs.nl
Mon Feb 9 00:55:27 UTC 2015
Viktor Dukhovni writes:
> On Sat, Feb 07, 2015 at 04:24:33PM +0100, Jan V?el?k wrote:
>
> > The BIND developers claim, that the behavior of BIND is correct.
> >
> > The upstream resolver (BIND) has DLV disabled and therefore uses
> > a subset of trust anchors my local resolver (Unbound) uses. And the zone
> > is insecure from the BIND's point of view.
> >
> > Ignoring the fact, that BIND adds NS records into authority from no
> > reason, omitting the NS RRSIGs is probably justifiable.
>
> I think this is another good reason to stop using DLV.
Apparenlty there are plans to do so. There will be a talk about it
at ICANN-52 (See
<http://singapore52.icann.org/en/schedule/mon-tech/agenda-ccnso-tech-09feb15-en.pdf>.)
jaap
More information about the Unbound-users
mailing list