message is bogus, non secure rrset with Unbound as local caching resolver

Havard Eidnes he at
Thu Mar 3 11:08:28 UTC 2016

>> > Following the "not a bug" response from the BIND maintainers
>> > yesterday evening, can you please point to chapter and verse
>> > mandating this behaviour for non-authoritative recursive
>> > resolvers?
>> RFC4035 3.2.3 for validators, all RRsets in answer and authority
>> sections should be authentic ...
> That's about setting the ad bit. Was it set in this response?

Nope AD=1 was not set in the response, and I would guess that is
as expected, since CD=1 was set in the query.


- Håvard

More information about the Unbound-users mailing list