Re: Disabling TCP use causes issues?

2018-08-02 Thread Petr Špaček via Unbound-users
Hello Ray, in general TCP is mandatory for proper DNS operation, so I would recommend that you not waste time on non-TCP DNS. It will just break in various situations, as you saw yourself. Please see the standard https://tools.ietf.org/html/rfc7766 which reinforces the mandate for TCP support in DNS:

Re: 1.7.1 qname-minimisation and Akamai?

2018-06-12 Thread Petr Špaček via Unbound-users
On 11.6.2018 23:31, Håkan Lindqvist via Unbound-users wrote: Hi, I ran into an issue where it appears that Unbound 1.7.1 fails to resolve some Akamai CDN names if qname-minimisation is enabled (consistently responds with SERVFAIL). 1.7.0 did not exhibit the same behavior with identical

Re: Some sites not resolving (DNSSEC?)

2018-05-23 Thread Petr Špaček via Unbound-users
On 23.5.2018 15:58, Petr Špaček via Unbound-users wrote: On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote: Hi Hank, On 23/05/18 15:23, Hank Barta via Unbound-users wrote: Hi all, I use pfsense for my firewall and have selected the unbound resolver for DNS on my home LAN. I have

Re: Some sites not resolving (DNSSEC?)

2018-05-23 Thread Petr Špaček via Unbound-users
On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote: Hi Hank, On 23/05/18 15:23, Hank Barta via Unbound-users wrote: Hi all, I use pfsense for my firewall and have selected the unbound resolver for DNS on my home LAN. I have configured this to use Cloudflare DNS with DNSSEC enabled. 

Re: DGA Attack mitigation

2018-04-09 Thread Petr Špaček via Unbound-users
Hi, generally speaking 20 % of NXDOMAIN (or even more) is about the normal pattern we see in normal traffic. Blame Google Chrome and the like; they use it to detect DNS hijacking. Aggressive use of DNSSEC-validated cache will help for signed zones, but there is no real 'solution' except fixing

Re: query ip address

2017-09-14 Thread Petr Špaček via Unbound-users
On 13.9.2017 23:27, Tom Samplonius via Unbound-users wrote: > > I haven’t seen a IP address in a MX record in the last 5 years. In > the 16 years since that was written, the email world has changed a lot. > Email systems are larger, and tend to run by email professionals who > know the

Re: refuse ANY queries

2017-08-25 Thread Petr Špaček via Unbound-users
On 25.8.2017 15:55, A. Schulze via Unbound-users wrote: > > W.C.A. Wijngaards via Unbound-users: > >> It is enabled by default, and implemented in Unbound 1.5.4. These are >> the changelog entries from the download page: > > found: ~unbound-source/service/cache/dns.c, search for 'Fill TYPE_ANY

Re: refuse ANY queries

2017-08-25 Thread Petr Špaček via Unbound-users
r attacks using our resolver can produce rather large answers for QTYPE, so returning more than one QTYPE might not cut the size down as we would wish. Petr Špaček @ CZ.NIC > > There may be tricks with local-zones or local-data or python scripting > or views. > > Best regards, Wou

refuse ANY queries

2017-08-25 Thread Petr Špaček via Unbound-users
Hello, is it possible to use some trick to configure Unbound to refuse ANY queries? It would be helpful for (intentionally) open recursors before https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any is implemented. Thank you for your time. -- Petr Špaček @ CZ.NIC

Re: NOTIMP for unrecognized qtypes

2017-08-02 Thread Petr Špaček via Unbound-users
On 28.7.2017 00:15, Jacob Hoffman-Andrews via Unbound-users wrote: > On 07/27/2017 01:28 PM, Robert Edmonds wrote: >> Jacob Hoffman-Andrews via Unbound-users wrote: >>> I'm trying to write some documentation for users of Let's Encrypt about >>> CAA. I believe it's the case that

testbound tests & convergence with Deckard

2017-03-22 Thread Petr Špaček via Unbound-users
Hello, and thank you for the testbound test suite! Please accept my apology if this is not the right list, but I was not able to find an unbound-devel list. I've spent the last weeks working on the Deckard DNS test tool [1], which is heavily inspired by testbound. It can be seen as a generalization of testbound