Trying to find out why my unbound will not resolve www.startpuntgeldzaken.nl (1.13.1)
renaud at allard.it
Thu May 6 14:02:54 UTC 2021
On 5/6/21 3:44 PM, Gerben Wierda via Unbound-users wrote:
> That is also a good option. It really surprised me as I did not know that TCP was a hard requirement for queries. In my old know how, TCP was for zone transfers, but not for queries, but I admit I never dove into it extremely deep. Naive, no, but lacking knowledge, yes (those are not the same...).
The problem you have mainly lies within DNSSEC (especially when using
non EC signatures). As DNS UDP datagrams are limited to 512 bytes
(RFC1035), responses including DNSSEC security RRs have a high
probability of resulting in a truncated response being returned and the
resolver will be retrying the query using TCP.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4484 bytes
Desc: S/MIME Cryptographic Signature
More information about the Unbound-users