unset the 'dnssec ok' flag in requests
Ralph Dolmans
ralph at nlnetlabs.nl
Fri Oct 7 13:17:53 UTC 2016
Hi Rob,
No, Unbound does not have a configuration option to disable the DO flag
on outgoing queries.
Regards,
-- Ralph
On 06-10-16 19:56, Rob Andrzejewski via Unbound-users wrote:
> Afternoon Unbound Users,
>
> In my particular use case of Unbound, we don't need dnssec validation.
> I have disabled validation through the config and confirmed that the
> server is not validating. However, I recently did a tcpdump of my
> unbound server traffic and noticed that Unbound sets the 'do' flag on
> all recursive queries.
> So, it is receiving all the dnssec info even though it's not using it
> for validation. Which also means it's caching all the rrsig, etc
> records.
>
> Is there a configuration option to disable the 'do' flag on outbound requests?
>
> Any assistance is greatly appreciated.
>
> Thanks,
> RA
>
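The 'do' flag discussed in this thread is a single bit in the EDNS0 OPT record carried in each query's additional section. The following is an added example, not part of the original messages or of Unbound's code: a Python parser that reports that bit for a raw DNS message, such as the UDP payload of a captured outgoing query. The helper names `skip_name`, `edns_do` and `build_query` are hypothetical, and the sample packets are constructed.

```python
import struct

OPT = 41          # EDNS0 pseudo-RR type (RFC 6891)
DO_BIT = 0x8000   # "DNSSEC OK" bit in the OPT flags (RFC 3225)

def skip_name(pkt, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def edns_do(pkt):
    """Return True/False for the DO bit, or None if the message has no OPT record."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", pkt, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4   # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10 + rdlen
        if rtype == OPT:
            # For OPT the TTL field holds: ext-rcode(8) | version(8) | flags(16)
            return bool(ttl & DO_BIT)
    return None

def build_query(name, do=None, qid=0x1234):
    """Constructed sample: an A query; do=None omits the OPT record entirely."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = struct.pack("!6H", qid, 0x0000, 1, 0, 0, 0 if do is None else 1)
    msg += qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    if do is not None:
        # root name, TYPE=OPT, CLASS=UDP payload size 4096, TTL=flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, 4096, DO_BIT if do else 0, 0)
    return msg

if __name__ == "__main__":
    for label, pkt in [("EDNS, DO set", build_query("example.com", True)),
                       ("EDNS, DO clear", build_query("example.com", False)),
                       ("no EDNS", build_query("example.com"))]:
        print(label, "->", edns_do(pkt))
```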