Why is Unbound not like a `dig +trace`?
François Lafont
francois.lafont.1978 at gmail.com
Tue Sep 23 20:48:29 UTC 2025
Hi,
On 9/23/25 20:15, François Lafont wrote:
> Of course, I can test a more recent version (I will...).
I have done the same test with Unbound 1.24.0 (compiled from source) and I notice the same behaviour. To solve "in.ac-versailles.fr. CAA", Unbound makes this kind of request:
dig +norecurse @a.ns.ac-versailles.fr. in.ac-versailles.fr. A
unlike a `dig +trace in.ac-versailles.fr. CAA` which makes this kind of request:
dig +norecurse @a.ns.ac-versailles.fr. in.ac-versailles.fr. CAA
I would be curious to have some explanations. Of course, I'm not saying that Unbound is wrong. It's just that, with my level of DNS knowledge (which is definitely not that of an expert level), I expected Unbound to behave like a `dig +trace`.
Note: in each of my tests, I start Unbound with an empty cache. In other words, I start it up and the query I run is the first query that Unbound receives.
Bye.
--
François Lafont
More information about the Unbound-users
mailing list