Maintained by: NLnet Labs

message is bogus, non secure rrset with Unbound as local caching resolver

Havard Eidnes
Thu Mar 3 12:08:28 CET 2016


>> > Following the "not a bug" response from the BIND maintainers
>> > yesterday evening, can you please point to chapter and verse
>> > mandating this behaviour for non-authoritative recursive
>> > resolvers?
>>
>> RFC4035 3.2.3 for validators, all RRsets in answer and authority
>> sections should be authentic ...
>>
>> https://tools.ietf.org/html/rfc4035#section-3.2.3
>
> That's about setting the ad bit. Was it set in this response?

Nope AD=1 was not set in the response, and I would guess that is
as expected, since CD=1 was set in the query.

Regards,

- Håvard