Maintained by: NLnet Labs

rfc6761 compliance

A. Schulze
Fri Sep 11 08:17:37 CEST 2015


Hello,

the RFC 6761 give some advise how caching DNS servers SHOULD
handle queries for reserved domains. Mostly it say
"do not send queries to the root name servers"

... point 4 in any case ...
http://tools.ietf.org/html/rfc6761#section-6.2 ( domain "test." )
http://tools.ietf.org/html/rfc6761#section-6.4 ( domain "invalid." )

looks like unbound don't follow that "SHOULD" recommendations.
it this a miss-configuration on my side ?

my unbound.conf:
     server:
          ip-address: ::1
          chroot: /chroot/unbound
          do-daemonize: no
          val-log-level: 2
          trust-anchor: ". DS 19036 8 2  
49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
          # other options


adding local-zone statements make unbound fixes the "un-conformance" here.

     server:
         local-zone: "test." static
         local-zone: "invalid." static

Andreas