unbound fails to resolve .org domain with DNSSEC
Paulo Roberto Tomasi
pztomasi at gmail.com
Mon Sep 10 20:39:23 UTC 2018
Thank you very much!
Now https://www.rootcanary.org/test.html shows me green padlocks.
:-D
Em seg, 10 de set de 2018 às 16:26, Anand Buddhdev <anandb at ripe.net>
escreveu:
> On 10/09/2018 21:45, Paulo Roberto Tomasi via Unbound-users wrote:
>
> Hi Paulo,
>
> > do-tcp: no
>
> Don't disable TCP. TCP is *required* for proper operation of DNS,
> especially if you want to do DNSSEC validation. Many of the signed
> responses can be large. For example, the DNSKEY response for .ORG is
> 1625 bytes, and sometimes TCP is required in order to retrieve such
> large responses. Disabling TCP can cause DNSSEC validation to fail.
>
> Regards,
> Anand
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180910/cb71ec31/attachment.htm>
More information about the Unbound-users
mailing list