-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jakub, On 01/27/2011 11:57 AM, Jakub Heichman wrote: > Greetings, > > After configuring private-address (and private-domain) entries I was > hoping that unbound would simply strip the private IP addresses from > responses. > However in my testing (unbound 1.4.8 and previous versions) I'm seeing > that the queries will SERVFAIL, also for domains whose NS records point > to a name that resolves to a private address, for example: Yes this is caused by line 648 of iterator/iter_scrub.c. This is extra-paranoid, since it can also just strip off the offending record. > I'm wondering if this is expected behaviour? Should I be seeing SERVFAIL > (note long query time) or NOERROR/NODATA with private data stripped? If you comment out that line you get the behaviour with NOERROR/NODATA with private data stripped. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1BZGgACgkQkDLqNwOhpPiGLwCeJ4Cv3je+RXR3Ordsmsanq6zw jDMAnRwlwzcBC6zvdebb5+PgN0TEHNzm =DSZd -----END PGP SIGNATURE-----