Maintained by: NLnet Labs

[Unbound-users] small bug ?

Leen Besselink
Thu Feb 4 10:46:18 CET 2010


As someone with more interrest in DNS and DNSSEC than more people, I 
tried the following page:

Now I have an unbound running on my machine, but it does not have 
anything configured to do validation.

But still this page says:

"Your ISP validates DNSSEC for .se"

So I tried again with the latest version of unbound and created a 
pcap-file to see what was going on.

And I found out unbound was sending queries with the D0-bit set, but it 
isn't configured to actually validate anything.

Is their a way to turn this off when needed (for example if I'm running 
unbound on a laptop and am somewhere with a bad firewall) ?

Is this a bug or is this on purpose ?

Just a few questions I came up with while I was typing this. :-)

Anyway, thank you for creating Unbound.

Have a nice day,