Trying to find out why my unbound will not resolve (1.13.1)

Renaud Allard renaud at
Thu May 6 14:02:54 UTC 2021

On 5/6/21 3:44 PM, Gerben Wierda via Unbound-users wrote:
> That is also a good option. It really surprised me as I did not know that TCP was a hard requirement for queries. In my old know-how, TCP was for zone transfers, but not for queries, but I admit I never dove into it extremely deep. Naive, no, but lacking knowledge, yes (those are not the same...).

The problem you have mainly lies within DNSSEC (especially when using
non-EC signatures). As DNS UDP datagrams are limited to 512 bytes
(RFC 1035), responses including DNSSEC security RRs have a high
probability of resulting in a truncated response being returned and the
resolver will be retrying the query using TCP.
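
The truncate-then-retry behaviour described in the message above, as an added example that is not part of the original post and is not Unbound's code. All function names are hypothetical, the server side is simplified to "header and question only, TC set", and the responses are constructed with zero-filled record data; the `tcp_blocked` case models a filter on TCP/53 turning a large answer into a resolution failure.

```python
import struct
UDP_LIMIT = 512   # classic DNS-over-UDP message limit (RFC 1035)
TC_FLAG = 0x0200  # "truncated" bit in the header flags word

def build_query(name, qtype, txid):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def question_end(msg):
    pos = 12  # skip the fixed 12-byte header, then walk the name labels
    while msg[pos]:
        pos += msg[pos] + 1
    return pos + 5  # zero label + 2-byte type + 2-byte class

def truncate_for_udp(response, limit=UDP_LIMIT):
    # Simplified server side: if the full answer does not fit, send only
    # header and question with TC set so the client knows to retry.
    if len(response) <= limit:
        return response
    txid, flags = struct.unpack("!2H", response[:4])
    return struct.pack("!6H", txid, flags | TC_FLAG, 1, 0, 0, 0) + response[12:question_end(response)]

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def resolve(query, udp_send, tcp_send):
    # Resolver side: UDP first, TCP only when the UDP reply has TC set.
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    # DNS over TCP prefixes each message with a 2-byte length field.
    framed = tcp_send(struct.pack("!H", len(query)) + query)
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", framed[2:2 + length]

def fake_response(query, rdata_len):
    # Constructed sample: one DNSKEY-typed record with zero-filled RDATA.
    txid = struct.unpack("!H", query[:2])[0]
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 48, 1, 3600, rdata_len) + bytes(rdata_len)
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + query[12:] + rr

def demo(rdata_len, tcp_blocked=False):
    query = build_query("example.org", 48, 0x1234)
    full = fake_response(query, rdata_len)
    def tcp(framed):
        if tcp_blocked:  # models a firewall dropping TCP/53
            raise ConnectionRefusedError("TCP/53 filtered")
        return struct.pack("!H", len(full)) + full
    return resolve(query, lambda q: truncate_for_udp(full), tcp)
```

`demo(40)` is answered over UDP, `demo(900)` falls back to TCP, and `demo(900, tcp_blocked=True)` raises instead of returning an answer.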

