Maintained by: NLnet Labs

[Unbound-users] DNSSEC mismatch between Bind 9.7 and Unbound

lst_hoe02 at kwsoft.de
Fri Nov 5 16:53:35 CET 2010


Zitat von "W.C.A. Wijngaards" <wouter at NLnetLabs.nl>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Andreas,
>
> The trouble is that bind does not respond with the correct response to
> the query for the DS.  Unbound can do nothing but fail the query.
>
> (Thank you for the validation error line and those dig outputs, that
> really helps!).

Damn...
That would mean i can't savely operate unbound as downstream cache at  
least with this version of Bind. If i disable DNSSEC in unbound it  
will set the cdflag for queries to the forwarder so no DNSSEC will be  
done at all, no?

Regards

Andreas