Maintained by: NLnet Labs

[Unbound-users] Google Public DNS

Marco Davids (SIDN)
Wed Mar 20 07:49:42 CET 2013


I suppose many of us read Google's announcement yesterday:

Now, Google Public DNS only validates when either the DO-bit or,
according to RFC6840, the AD-bit is set in the query.

Validation upon request, instead of ignoring validation by means of the
CD-bit, so to speak.

In a way, I kind of like the idea. As for some environments - such as the
one at Google - it might (for now) be a good alternative. It sort of
adheres to the idea: "everything stays the same, unless you want it to
be different" (which at the same time may be considered as undesirable...).


I was wondering what the opinions are on this list, regarding the
design choices of Google. And if this feature is being considered for
Unbound (in addition to the already present 'val-permissive' mode)?


