Does unbound ignore unsigned replies from a signed zone?

User free.sites at
Mon May 20 16:21:55 UTC 2019


Thanks for your prompt answer. Well, the original post is here:

It's about the Cloudflare security-test website that reports "You may not
be using secure DNS" for some users although those users expect another
result. And the original poster brought up that statement about unbound
missing a strict DNSSEC mode ... what then confused me because it
sounded like there is something wrong with unbound what I liked to be
clarified. :hehe: I use unbound on my Raspberry Pi, with DoT upstream
servers (port 853 and tls authentication).

In the end they agreed upon the Cloudfare test site being buggy (compare
-over-tls.56095/page-30#post-485000). However, that statement about
unbound allegedly missing something like a strict dnssec mode (that
dnsmasq and stubby are claimed to have) has been haunting my mind, but
maybe I mix things up ... I'm a DNS newbie.

Best regards

More information about the Unbound-users mailing list