Does unbound ignore unsigned replies from a signed zone?
free.sites at gmx.net
Mon May 20 18:21:55 CEST 2019
Thanks for your prompt answer. Well, the original post is here:
It's about the Cloudflare security-test website
https://www.cloudflare.com/ssl/encrypted-sni/ that reports "You may not
be using secure DNS" for some users although those users expect another
result. And the original poster brought up that statement about unbound
missing a strict DNSSEC mode ... what then confused me because it
sounded like there is something wrong with unbound what I liked to be
clarified. :hehe: I use unbound on my Raspberry Pi, with DoT upstream
servers (port 853 and tls authentication).
In the end they agreed upon the Cloudfare test site being buggy (compare
-over-tls.56095/page-30#post-485000). However, that statement about
unbound allegedly missing something like a strict dnssec mode (that
dnsmasq and stubby are claimed to have) has been haunting my mind, but
maybe I mix things up ... I'm a DNS newbie.
More information about the Unbound-users