Maintained by: NLnet Labs

[Unbound-users] Strange result from Unbound cache

Peter Koch
Mon Dec 13 16:03:33 CET 2010


On Tue, Nov 30, 2010 at 04:20:28PM +0100, W.C.A. Wijngaards wrote:

> Yes.  It caches what the authority server sends.  For speed reasons it
> does not (try to) remove duplicates.  Except in special corner cases
> where it does remove duplicates (where it tries to make sense of RRSIGs
> that are in the wrong section of the message, and when it thus adjusts
> the message it removes duplicates).

this is another challenge for the robustness principle, but RFC 2181
introduced the "RRSet" and deprecated (even recommended removing
duplicate RRs.  This was later confirmed (in DNSSEC context, though)
by section 6.3 of RFC 4034.  More importantly, it appears more
consumer/application friendly to me to suppress the duplicates. YMMV.

-Peter