On Thu, 4 Feb 2010, Leen Besselink wrote: > And I found out unbound was sending queries with the D0-bit set, but it isn't > configured to actually validate anything. unbound does validation per default. You can disable this using val-permissive-mode:yes however, it will still perform queries with the DO bit, and validation. It will just pass the data along anyway (as if the client send the CD bit) > Is their a way to turn this off when needed (for example if I'm running > unbound on a laptop and am somewhere with a bad firewall) ? unbound should recover from those failures (eg TCP 53 firewalled, or UDP >512bytes failing) by itself. Paul