message is bogus, non secure rrset with Unbound as local caching resolver

Paul Wouters paul at
Wed Mar 2 15:47:13 UTC 2016

On Wed, 2 Mar 2016, Olav Morken via Unbound-users wrote:

> Unfortunately, the BIND server only tends to return responses where the
> authority-section has NS-records but no RRSIG-record during the night.
> I suspect it has something to do with traffic levels and what other
> systems are accessing it. It makes it all a bit hard to troubleshoot.
> The main source of information for troubleshooting has been a
> combination of PCAP-files and log files.

Are you sure this is not the bind wildcard bug? Can you try to resolve
something like That's an expanded wildcard.

If so, this is the same bug as:

We have a test for this, but I don't this dnssec-trigger has included
this test yet.


More information about the Unbound-users mailing list