rfc6761 compliance

A. Schulze sca at andreasschulze.de
Fri Sep 11 08:17:37 CEST 2015


Hello,

the RFC 6761 give some advise how caching DNS servers SHOULD
handle queries for reserved domains. Mostly it say
"do not send queries to the root name servers"

... point 4 in any case ...
http://tools.ietf.org/html/rfc6761#section-6.2 ( domain "test." )
http://tools.ietf.org/html/rfc6761#section-6.4 ( domain "invalid." )

looks like unbound don't follow that "SHOULD" recommendations.
it this a miss-configuration on my side ?

my unbound.conf:
     server:
          ip-address: ::1
          chroot: /chroot/unbound
          do-daemonize: no
          val-log-level: 2
          trust-anchor: ". DS 19036 8 2  
49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
          # other options


adding local-zone statements make unbound fixes the "un-conformance" here.

     server:
         local-zone: "test." static
         local-zone: "invalid." static

Andreas



More information about the Unbound-users mailing list