message is bogus, non secure rrset with Unbound as local caching resolver
Olav Morken
olav.morken at uninett.no
Thu Mar 3 08:11:36 UTC 2016
On Thu, Mar 03, 2016 at 08:58:02 +0100, Olav Morken wrote:
> On Wed, Mar 02, 2016 at 16:58:38 +0000, Tony Finch wrote:
> > Does Unbound use CD=1 when forwarding? If so, it should expect to receive
> > partially bogus answers and should handle them gracefully.
>
> I checked, and it does set the CD-flag.
I forgot to mention this, but I also did a quick test where I patched[1]
of Unbound to not set the CD-flag in its queries, and at that point DNS
resolution worked. Checking packet captures shows that BIND does not
include the NS-records in that case.
[1] https://gist.github.com/olavmrk/f9e9c68ec2932e026b4e
Best regards,
Olav Morken
UNINETT
More information about the Unbound-users
mailing list