Sticky old nameservers
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Feb 19 09:15:53 UTC 2020
On Wed, Feb 19, 2020 at 09:07:44AM +0100,
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
a message of 41 lines which said:
> I thought I knew the DNS but apparently I don't.
It seems the problem was not Unbound's fault but a combination of
"poisonings" with wrong information.
> The TTL of the wrong information was only 300 seconds.
But the domain of assemblee-nationale.fr's name servers was announced
for a while by its registry with wrong nameservers and a TTL of two
days. Also, these nameservers served A records with a TTL of two
hours. In short, Unbound may have had good reasons to stick to the
wrong information.
This specific resolver did not have harden-glue and
harden-referral-path. Maybe it should.