Maintained by: NLnet Labs

[Unbound-users] Unbound doesn't cache ANY query result from some DNSSEC-signed zone

Peter Koch
Mon Jun 10 14:11:08 CEST 2013


On Mon, Jun 10, 2013 at 01:21:56PM +0200, W.C.A. Wijngaards wrote:

> Yes.  But not many normal ANY queries.  TTL=0 is legal.  Unbound's
> behaviour for the ANY query is not really specified.  So for cache
> efficiency and easy it gets the query from upstream.

I am not convinced that implementing ANY as 'all', encouraging
false expectations, is really the right thing to do.
Additionally, in the context of recent events - even if unbound
would only rarely be run as open recursive - it 'helps' authoritative
servers to see more queries.

-Peter