[Unbound-users] Unbound dropping Additional Records

W.C.A. Wijngaards wouter at NLnetLabs.nl
Wed Jan 7 11:40:11 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Rick,

Additional records are completely optional and can be dropped.

Unbound does know about the records you complain are being dropped. But
notices that the server open.nlnetlabs.nl is not authoritative for that
data. Hence that data receives different treatment. To protect the
client unbound leaves out this data.

The data can still be looked up, but that needs an additional query.

So, this is a security feature and unbound is protocol conformant.

You can turn off this behaviour with:
	harden-glue: no
The default is yes for security.

Best regards,
   Wouter

Rick van Rein wrote:
> I've encountered two strange things when using Unbound to query your
> domain nlnetlabs.nl.  I was playing with a program that cut off some
> Additional Records, and was confused to learn that it sometimes happens
> with Unbound as well.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklklJsACgkQkDLqNwOhpPhq5QCgpxnuu9HRP9ewgoMF6zktosMq
MgMAn3K6pn+erDuIXvjErsOv5Tgjvhpd
=CQ20
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list