nsec3 issue (sec_status_insecure) unbound 1.9.1

Stefan Kublinski kublinski at
Sun Apr 28 16:34:34 UTC 2019

I also tested with "qname-minimisation-strict: no" (unbound 1.9.1) and
I still get sec_status_insecure.
With "qname-minimisation: no" I get the TLSA records.

Regards, Stefan

> On Sun, 28 Apr 2019 at 15:38, A. Schulze via
> Unbound-users <unbound-users at> wrote:
> > Google DNS doesn't use qname minimization.
> > Only if you disable qname minimisation unbound will ask's nameserver for "" (dotted hostname) and get an answer.
> That would imply that unbound's (1.9.0) implementation of qname
> minimisation is broken since Debian's unbound default config has qname
> minimisation activated.
> Regards Stefan
