Trying to find out why my unbound will not resolve www.startpuntgeldzaken.nl (1.13.1)

Renaud Allard renaud at allard.it
Thu May 6 14:02:54 UTC 2021



On 5/6/21 3:44 PM, Gerben Wierda via Unbound-users wrote:
> That is also a good option. It really surprised me as I did not know that TCP was a hard requirement for queries. In my old know how, TCP was for zone transfers, but not for queries, but I admit I never dove into it extremely deep. Naive, no, but lacking knowledge, yes (those are not the same...).
>

The problem you have mainly lies within DNSSEC (especially when using 
non EC signatures). As DNS UDP datagrams are limited to 512 bytes 
(RFC1035), responses including DNSSEC security RRs have a high 
probability of resulting in a truncated response being returned and the 
resolver will be retrying the query using TCP.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4484 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20210506/60931ef5/attachment.bin>


More information about the Unbound-users mailing list