Does unbound ignore unsigned replies from a signed zone?
User
free.sites at gmx.net
Mon May 20 16:21:55 UTC 2019
Hi!
Thanks for your prompt answer. Well, the original post is here:
https://www.snbforums.com/threads/preview-asuswrt-merlin-384-11-with-dns-over-tls.56095/page-26#post-484685
It's about the Cloudflare security-test website
https://www.cloudflare.com/ssl/encrypted-sni/ that reports "You may not
be using secure DNS" for some users although those users expect another
result. And the original poster brought up that statement about unbound
missing a strict DNSSEC mode ... which then confused me because it
sounded like there is something wrong with unbound, which I would like
to have clarified. :hehe: I use unbound on my Raspberry Pi, with DoT
upstream servers (port 853 and TLS authentication).
In the end they agreed upon the Cloudflare test site being buggy (compare
https://www.snbforums.com/threads/preview-asuswrt-merlin-384-11-with-dns-over-tls.56095/page-30#post-485000).
However, that statement about unbound allegedly missing something like a
strict DNSSEC mode (that dnsmasq and stubby are claimed to have) has been
haunting my mind, but maybe I am mixing things up ... I'm a DNS newbie.
Best regards