unset the 'dnssec ok' flag in requests
ralph at nlnetlabs.nl
Fri Oct 7 13:17:53 UTC 2016
No, Unbound does not have a configuration option to disable the DO flag
on outgoing queries.
On 06-10-16 19:56, Rob Andrzejewski via Unbound-users wrote:
> Afternoon Unbound Users,
> In my particular use case of Unbound, we don't need dnssec validation.
> I have disabled validation through the config and confirmed that the
> server is not validating. However, I recently did a tcpdump of my
> unbound server traffic and noticed that Unbound sets the 'do' flag on
> all recursive queries.
> So, it is receiving all the dnssec info even though it's not using it
> for validation. Which also means it's caching all the rrsig, etc
> Is there a configuration option to disable the 'do' flag on outbound requests?
> Any assistance is greatly appreciated.
More information about the Unbound-users