Unbound generates header-only REFUSED responses
Florian Weimer
fweimer at redhat.com
Mon Jul 8 13:45:17 UTC 2024
It's been reported that glibc does not recognize REFUSED responses
generated by Unbound with this configuration:
server:
interface: 0.0.0.0
access-control: 0.0.0.0/0 refuse
Our bug report is here:
DNS stub resolver ignores header-only error responses
<https://sourceware.org/bugzilla/show_bug.cgi?id=31890>
I've got a fix, but it goes somewhat against what I think are current
stub resolver practices: do not ignore the question section for response
matching. Are my expectations just wrong? Is it more important for
servers to produce smaller responses?
Thanks,
Florian
More information about the Unbound-users
mailing list