rfc6761 compliance

A. Schulze sca at andreasschulze.de
Fri Sep 11 06:17:37 UTC 2015


the RFC 6761 give some advise how caching DNS servers SHOULD
handle queries for reserved domains. Mostly it say
"do not send queries to the root name servers"

... point 4 in any case ...
http://tools.ietf.org/html/rfc6761#section-6.2 ( domain "test." )
http://tools.ietf.org/html/rfc6761#section-6.4 ( domain "invalid." )

looks like unbound don't follow that "SHOULD" recommendations.
it this a miss-configuration on my side ?

my unbound.conf:
          ip-address: ::1
          chroot: /chroot/unbound
          do-daemonize: no
          val-log-level: 2
          trust-anchor: ". DS 19036 8 2  
          # other options

adding local-zone statements make unbound fixes the "un-conformance" here.

         local-zone: "test." static
         local-zone: "invalid." static


More information about the Unbound-users mailing list