It is very wasteful for users other than DNSSEC users.
I want to enable the DO bit. Can I do that with Unbound? (However, I know it's "MUST" by
RFC.)
> 2017-09-01 11:46 GMT-03:00 T.Suzuki via Unbound-users:
> > unbound.conf
> > # EDNS reassembly buffer to advertise to UDP p
unbound.conf
# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
# is set with msg-buffer-size). 1480 can solve fragmentation (timeouts)
edns-buffer-size:
Why does this comment recommend
1480 = 1500 - 20 ? (UDP datagram size over IPv4)
Why is this value not to become
1472 = 15
su -m unbound -c "/usr/local/sbin/unbound-anchor ${unbound_anchorflags}"
fi
echo .
/usr/local/sbin/unbound-checkconf > /dev/null
return $?
}
On Fri, 4 Aug 2017 10:14:19 +0900
"T.Suzuki via Unbound-users" wrote:
> On Thu, 3 A
On Thu, 3 Aug 2017 16:04:56 +0200
"W.C.A. Wijngaards via Unbound-users" wrote:
> Hi T.Suzuki,
>
> I don't know why it is querying for the root DNSKEY for you. It should
> not do that, unless a client asked for it.
There is no client at startup.
> Do you have verbosity 5 debug logs? Perhaps t
On Thu, 3 Aug 2017 09:08:52 +0200
"W.C.A. Wijngaards via Unbound-users" wrote:
> Hi T.Suzuki,
>
> Do you have prefetch-key enabled still? It causes the DNSKEY to be
> prefetched. If so, that would just be extra data in the cache, and not
> hamper KSK rollovers.
I do not enable any key configu
I found a packet requesting a DNSKEY record at priming, in spite of removing
"validator" from my config.
What is the purpose of this function?
I think this function may cause trouble with KSK rollover.
--
T.Suzuki