Maintained by: NLnet Labs

[Unbound-users] also non-recursive support (snoop) by default?

Ondřej Surý
Thu Feb 4 14:24:00 CET 2010


Gábor,

Unbound implements non-recursive queries. Try:

$ dig +norec localhost @<your_ip>

It refuses to answer with data from cache e.g. for which he is not
authoritative (all domains expect localhost, reverse 127.0.0.1 and
::1, and the AS112 zones, and those defined by you in local-data
statement).

Ondrej

On Thu, Feb 4, 2010 at 11:07, Gábor Lénárt <lgb at lgb.hu> wrote:
> Hei,
>
> We have a customer complaining that he can't use "dig +trace". I have the
> idea that it's because dig in trace mode tries to fetch the list of root
> name servers in a non-recursive way, which is forbidden by unbound by
> default at least. Unbound document says, it is possible if you configure
> allow_snoop, but it also states that it should be set only for the
> administrators or so. However, our customer states, that we _must_ support
> it for every customers since, he gave this information as explanation about
> his request:
>
> RFC1034
> "All name servers must implement non-recursive queries."
>
> Now I am a bit uncertain about the situation. If he is right, unbound is not
> RFC compatible without this snoop support configured? Also then the
> documentation of unbound should not mention that this settings should not be
> used only for the adminstrators (for debug purposes), since it seems an RFC
> (which is also an STD: STD13) requires it, so here we have a "MUST" (RFC) and
> "should not" (unbound documentation) conflict.
>
> Please help me to understand the situation. If it is not needed to support
> (I misunderstood the RFC, or another RFC obsolates this one, etc), please
> give me some hint what I should look for to explain the lack of this feature
> for our customer.
>
> Thanks a lot in advance!
>
> - Gábor Lénárt
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/