rfc6761 compliance

A. Schulze sca at andreasschulze.de
Fri Sep 11 06:17:37 UTC 2015


Hello,

the RFC 6761 give some advise how caching DNS servers SHOULD
handle queries for reserved domains. Mostly it say
"do not send queries to the root name servers"

... point 4 in any case ...
http://tools.ietf.org/html/rfc6761#section-6.2 ( domain "test." )
http://tools.ietf.org/html/rfc6761#section-6.4 ( domain "invalid." )

looks like unbound don't follow that "SHOULD" recommendations.
it this a miss-configuration on my side ?

my unbound.conf:
     server:
          ip-address: ::1
          chroot: /chroot/unbound
          do-daemonize: no
          val-log-level: 2
          trust-anchor: ". DS 19036 8 2  
49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
          # other options


adding local-zone statements make unbound fixes the "un-conformance" here.

     server:
         local-zone: "test." static
         local-zone: "invalid." static

Andreas




More information about the Unbound-users mailing list