message is bogus, non secure rrset with Unbound as local caching resolver
Havard Eidnes
he at uninett.no
Wed Mar 2 23:29:10 UTC 2016
>> The "right" thing is to have RRSIGs for all elements of the
>> answer and authority sections. This is mandated by
>> RFC4034,4035. All the RRsets in the answer and authority
>> section MUST validate to mark the response as valid.
>
> FYI, I've submitted a tentative bug report to the BIND maintainers
> based on my message and the one I'm replying to here, RT#41844.
And... They're not having it:
This is not a bug. Section 3.1.1 applies to authoritative nameservers
not intermediate caching nameservers. In this case you are seeing the
referral which is unsigned being returned from the cache.
Regards,
- Håvard
More information about the Unbound-users
mailing list