message is bogus, non secure rrset with Unbound as local caching resolver
Olav Morken
olav.morken at uninett.no
Thu Mar 3 08:34:58 UTC 2016
On Wed, Mar 02, 2016 at 21:14:56 +0100, W.C.A. Wijngaards via Unbound-users wrote:
> However, I think it is not unreasonable to extend the compatibility
> code in Unbound for this. The error that Olav quotes is simply
> Unbound enforcing that 'all RRsets MUST validate' rule, telling you
> which one failed. The NS set is gratuitous though, in the answer,
> hence perhaps compatibility is an option. Not so, for, say, NSEC or
> SOA RRs.
If the compatibility code can be extended, that would be great! The
alternative at the moment seems to be to use less diversity in the
upstream resolvers, but that is unfortunate from a reliability point of
view.
Best regards,
Olav Morken
UNINETT
More information about the Unbound-users
mailing list