rfc6761 compliance

Tue Sep 22 07:08:53 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Robert, Andreas,

On 11/09/15 17:54, Robert Edmonds via Unbound-users wrote:
> A. Schulze via Unbound-users wrote:
>> Hello,
>> 
>> the RFC 6761 give some advise how caching DNS servers SHOULD 
>> handle queries for reserved domains. Mostly it say "do not send
>> queries to the root name servers"
>> 
>> ... point 4 in any case ... 
>> http://tools.ietf.org/html/rfc6761#section-6.2 ( domain "test."
>> ) http://tools.ietf.org/html/rfc6761#section-6.4 ( domain
>> "invalid." )
>> 
>> looks like unbound don't follow that "SHOULD" recommendations. it
>> this a miss-configuration on my side ?
> 
> I am also curious why these domains are not handled specially by
> Unbound as RFC 6761 recommends.  Interestingly, BIND has the exact
> same behavior as Unbound for these two domains.  (See
> https://bugs.debian.org/55032 for details.)
> 

It is not a particularly heavy root server load to mitigate, less code
is better and easier, the unblock-lan-zones statement is a frequently
asked question from our users.  That said, we could add new code for
this (and .onion?).

Best regards, Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWAP6FAAoJEJ9vHC1+BF+N0acP/izkFs3pdDv0OMXqIC2p6I7e
Qfbo+FfHawVfA8u58AaWJIcO7mdCiSDmzj7vzr3pnTWvdIuOZRKNuZphtzTwKuuV
H/+bB9oeFwXef61uX3hepjihKmpoCY7l/UOhDlLRVIyQvYV5hmN1HJ3yHRkIXXCH
lNxl0i4upEF7pBtVvnhl9jr/mYmPz4+6T7yKs4FV63RaQAXezRJyt/qmpBXDdvuf
it82RdF0HmWNXegMiW7oV3iwZW5xrOpHYUPmbhYw4t85y1VkOHz4lbpdVZL9lDCs
33SySG1fgXSRe5LS4MHWnUJVTE1byAkZ1Hl5nK6D5MvEt9B/3utYiLjKDmBQrCLP
bGsFesWcGf0OzA3OyVYgS24Vhs9pSJhzTke7B1g6Tmxc5PSZhUJS6STE6SWlI6XL
9Crd8VKyb4pNwq44ZHMzwu90vCshLAsOaKWpdj4iq00l8zxudZiGRmBj7Lz3qTRv
ui/U9RtDVx2QQ+EyArgrzynrTTlg7LJan80/yhH7qohfRKffcy8DyqLKchujt+Wf
RkhxrJtN/DlZvWqnqSGKAXt1Ah7fHnyqmbNuuPh82eiADyD9tw9uJt3K9bbiVUyN
1OdfgfbOK+xs/gxWUHHj4kfwhFR1DSGqs/eZoc5YFfJIDja/zGT8ftnZ/rmy9ScA
bKFLzSWsptRIQKkH45TH
=xeKM
-----END PGP SIGNATURE-----