do.havedane.net nsec3 issue (sec_status_insecure) unbound 1.9.1
Stefan Kublinski
kublinski at gmail.com
Sun Apr 28 16:34:34 UTC 2019
I also tested with "qname-minimisation-strict: no" (unbound 1.9.1) and
I still get sec_status_insecure.
With "qname-minimisation: no" I get the tlsa records.
Regards, Stefan
> Am So., 28. Apr. 2019 um 15:38 Uhr schrieb A. Schulze via
> Unbound-users <unbound-users at nlnetlabs.nl>:
> > Google DNS don't use qname minimization.
> > Only if you disable qname minimisation unbound will ask havedane.net's nameserver for "_25._tcp.do" (dotted hostname) and get an answer.
>
> That would imply that unbounds (1.9.0) implementation of qname
> minimisation is broken since debians unbound default config has qname
> minimisation activated.
>
> Regards Stefan
More information about the Unbound-users
mailing list