Maintained by: NLnet Labs

[Unbound-users] also non-recursive support (snoop) by default?

Gábor Lénárt
Thu Feb 4 11:07:10 CET 2010


We have a customer complaining that he can't use "dig +trace". I have the
idea that it's because dig in trace mode tries to fetch the list of root
name servers in a non-recursive way, which is forbidden by unbound by
default at least. Unbound document says, it is possible if you configure
allow_snoop, but it also states that it should be set only for the
administrators or so. However, our customer states, that we _must_ support
it for every customers since, he gave this information as explanation about
his request:

"All name servers must implement non-recursive queries."

Now I am a bit uncertain about the situation. If he is right, unbound is not
RFC compatible without this snoop support configured? Also then the
documentation of unbound should not mention that this settings should not be
used only for the adminstrators (for debug purposes), since it seems an RFC
(which is also an STD: STD13) requires it, so here we have a "MUST" (RFC) and
"should not" (unbound documentation) conflict.

Please help me to understand the situation. If it is not needed to support
(I misunderstood the RFC, or another RFC obsolates this one, etc), please
give me some hint what I should look for to explain the lack of this feature
for our customer.

Thanks a lot in advance!

- Gábor Lénárt