message is bogus, non secure rrset with Unbound as local caching resolver
Tony Finch
dot at dotat.at
Thu Mar 3 10:49:23 UTC 2016
Havard Eidnes <he at uninett.no> wrote:
>
> Come to think of it, anything you get from a recursive resolver are
> possibly cached hints, including what you get in the Answer section.
It isn't quite that bad due to the RFC 2181 trustworthiness ranking.
> > Does Unbound use CD=1 when forwarding? If so, it should expect to receive
> > partially bogus answers and should handle them gracefully.
>
> Yep, as Olav replied, and the pcaps I capture on the BIND recursor
> agrees: CD=1 is set in the forwarded queries.
CD=1 is the wrong thing when querying a forwarder. When a domain is partly
broken, queries that work with CD=0 can be forced to fail with CD=1.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Fitzroy, Sole, Lundy, Fastnet: West or northwest 5 to 7, perhaps gale 8 later.
Moderate or rough in Lundy, otherwise rough or very rough, occasionally high
later except in Fastnet. Rain or thundery showers. Good, occasionally poor.
More information about the Unbound-users
mailing list