Is it by design that Unbound supports NS records pointing to CNAME records?
Jaime Hablutzel
hablutzel1 at gmail.com
Mon Jan 19 17:15:04 UTC 2026
In https://unbound.docs.nlnetlabs.nl/en/latest/reference/rfc-compliance.html you indicate compliance with RFC 2181, which forbids NS records to point to CNAME records:
> 10.3. MX and NS records
> The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias.
But Unbound is currently supporting NS records pointing to CNAME records, following them in the regular way.
Is this by design or is it a bug?
For reference, BIND9 generates a SERVFAIL in such cases (https://groups.google.com/g/comp.protocols.dns.bind/c/MGJHdh7TSS4).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20260119/75a60ae0/attachment.htm>
More information about the Unbound-users
mailing list