Can DNSSEC resolvers pass through all mangling CPEs?

Rick van Rein rick at
Mon Jan 4 12:50:21 UTC 2016

Hi Tony / list,

> DNSSEC detects and blocks mangling, it does not bypass it.

Thanks, I know.

What I am wondering is if the approach of recursive resolution, not explicitly going through the CPE, suffices to avoid mangling.  The CPE *could* still force control over DNS traffic on account of target port 53, and I am wondering if this happens.


More information about the Unbound-users mailing list