Maintained by: NLnet Labs

[Unbound-users] Unbound returns invalid response? NODATA without SOA

W.C.A. Wijngaards
Wed Dec 9 15:59:06 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Hauke,

Fix is in svn r1932.  It paradoxically may speed up unbound as it needs
to allocate less memory during validation of a chain of trust.  In your
setup, it may be the opposite as it has to generate network queries to
chase after a SOA record to return to the client.

Best regards,
   Wouter

On 12/09/2009 09:01 AM, W.C.A. Wijngaards wrote:
> Thanks for the report, I can reproduce this behaviour in unbound.  I did
> not realize that BIND complains so badly about this.  It is something
> used internally in unbound to speed things up.  It seems that other
> validators cannot cope with it.
> 
> On 12/08/2009 09:15 AM, Hauke Lampe wrote:
>> Unbound returns a cached answer containing only one NSEC record and no
>> SOA, but does not set the truncation bit:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAksfuzoACgkQkDLqNwOhpPh/LwCeJhrslp103F7c+D4YvkKgTWIG
jzIAn2QQOJNqiuO3Y+cKuc3YzUbu8JP9
=2KLs
-----END PGP SIGNATURE-----