Extended DNS Errors proposal

Tony Finch dot at dotat.at
Mon Mar 18 11:44:19 UTC 2019

Stephane Bortzmeyer via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> Nick via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> > Recently I have been looking for ways to determine/differentiate
> > (from the DNS client) SERVFAIL & SERVFAIL due to DNSSEC errors.
> Indeed, this is a big problem, and a serious issue for the DNS in
> general, and for DNSSEC specially.


You can distinguish between something DNSSEC and something else if you
re-query with CD=1 (e.g. `dig +cd`), but that still leaves a lot to be

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Dogger: Northwest 5 or 6, becoming variable 3 or 4. Rough or very rough,
becoming moderate. Fair. Good.

More information about the Unbound-users mailing list