Maintained by: NLnet Labs

[Unbound-users] private-address behaviour

Paul Wouters
Fri Jan 28 01:04:01 CET 2011


On Thu, 27 Jan 2011, Aaron Hopkins wrote:

>> Yes this is caused by line 648 of iterator/iter_scrub.c.  This is
>> extra-paranoid, since it can also just strip off the offending record.
>
> I ran into this too, and I had to disable private-address on user-facing
> instances of unbound because there are apparently enough slightly broken
> domains that list additional records of RFC1918 nameservers to be annoying.
>
> Can removing this line of code be the default behavior?  I suspect you
> would take issue with asking that this turn into a config toggle, which I'd
> also be fine with.

+1 for config option or stripping without servfail.

Paul
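
The two behaviours discussed in this thread, rejecting the whole reply (SERVFAIL) versus stripping only the offending record, shown side by side as an added example; this is not part of the original messages and not Unbound's code. All names (`scrub_addrs`, `SCRUB_FAIL`, `SCRUB_STRIP`, `demo`) and the sample glue addresses are constructed for illustration, and the private ranges are assumed to be the RFC 1918 blocks.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration; all names are hypothetical, not Unbound's. */
struct netblock { uint32_t net, mask; };
enum scrub_policy { SCRUB_FAIL, SCRUB_STRIP };

/* The RFC 1918 ranges an operator would list as private-address. */
static const struct netblock private_blocks[] = {
    { 0x0A000000u, 0xFF000000u },  /* 10.0.0.0/8     */
    { 0xAC100000u, 0xFFF00000u },  /* 172.16.0.0/12  */
    { 0xC0A80000u, 0xFFFF0000u },  /* 192.168.0.0/16 */
};

int is_private(uint32_t addr)
{
    size_t i;
    for (i = 0; i < sizeof(private_blocks) / sizeof(private_blocks[0]); i++)
        if ((addr & private_blocks[i].mask) == private_blocks[i].net)
            return 1;
    return 0;
}

/* Scrub IPv4 addresses (host byte order) in place. Returns the number of
 * records kept, or -1 when the whole reply is rejected (SERVFAIL). */
int scrub_addrs(uint32_t *addrs, size_t n, enum scrub_policy policy)
{
    size_t i, kept = 0;
    for (i = 0; i < n; i++) {
        if (is_private(addrs[i])) {
            if (policy == SCRUB_FAIL)
                return -1;      /* one bad record sinks the reply */
            continue;           /* SCRUB_STRIP: drop only this record */
        }
        addrs[kept++] = addrs[i];
    }
    return (int)kept;
}

/* Constructed sample: three glue addresses, one of them RFC 1918. */
int demo(enum scrub_policy policy)
{
    uint32_t glue[] = { 0xC0000235u, 0x0A010203u, 0xC6336407u };
    return scrub_addrs(glue, 3, policy);  /* 192.0.2.53, 10.1.2.3, 198.51.100.7 */
}

int main(void) { printf("fail=%d strip=%d\n", demo(SCRUB_FAIL), demo(SCRUB_STRIP)); return 0; }
```

With the strip policy the two public addresses survive and resolution can continue; with the fail policy the single private record discards the entire reply.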