message is bogus, non secure rrset with Unbound as local caching resolver

Olav Morken olav.morken at
Thu Mar 3 08:11:36 UTC 2016

On Thu, Mar 03, 2016 at 08:58:02 +0100, Olav Morken wrote:
> On Wed, Mar 02, 2016 at 16:58:38 +0000, Tony Finch wrote:
> > Does Unbound use CD=1 when forwarding? If so, it should expect to receive
> > partially bogus answers and should handle them gracefully.
> I checked, and it does set the CD-flag.

I forgot to mention this, but I also did a quick test where I patched[1] 
of Unbound to not set the CD-flag in its queries, and at that point DNS 
resolution worked. Checking packet captures shows that BIND does not 
include the NS-records in that case.


Best regards,
Olav Morken

More information about the Unbound-users mailing list