Hi François,

On 24/09/2025 11:16, François Lafont via Unbound-users wrote:
> I have done my tests again and of course, as you say:
>
> * with "qname-minimisation: yes" (the default) a `dig in.ac-versailles.fr CAA` failed (timeout).
> * with "qname-minimisation: no" a `dig in.ac-versailles.fr CAA` works. \o/
>
> That's really interesting. We learn something new every day with DNS. :)
> Thanks again.

You can still learn a little more here!

You shouldn't be getting a timeout with qname-minimisation enabled!
The domain in.ac-versailles.fr is not properly configured and when asked with "in.ac-versailles.fr A" it will return a delegation with designated servers at:
        prd-dns-int-01.in.ac-versailles.fr, and
        prd-dns-int-02.in.ac-versailles.fr

Those servers do not seem to reply and cause the timeout you encounter with dig.

qname-minimisation exposes broken delegations by its way of operation.

Now, why do the ac-versailles.fr nameservers reply with a NODATA answer specifically for "in.ac-versailles.fr CAA" queries only, I don't know.

Best regards,
-- Yorgos
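
The behaviour described in this message, as an added example that is not part of the original e-mail or of Unbound's code: a toy iterative resolver run offline against a constructed model of the parent servers and the delegated servers. It assumes the resolver probes each name with QTYPE A before asking the real question, as the message implies; all function names are hypothetical.

```python
# Constructed model of the servers described in the message; no network access.
PARENT_ZONE = "ac-versailles.fr"
CUT = "in.ac-versailles.fr"

def parent(qname, qtype):
    """ac-versailles.fr servers: NODATA for CAA at the cut, referral otherwise."""
    if qname == CUT and qtype == "CAA":
        return ("NODATA", None)
    if qname == CUT or qname.endswith("." + CUT):
        return ("REFERRAL", CUT)
    return ("NODATA", None)

def child(qname, qtype):
    """prd-dns-int-01/02.in.ac-versailles.fr: never answer (None = timeout)."""
    return None

SERVERS = {PARENT_ZONE: parent, CUT: child}

def minimised_steps(zone, qname, qtype):
    """Queries sent below `zone` with minimisation: one extra label per step,
    QTYPE A as the probe type (assumption), then the real question."""
    labels = qname.split(".")
    depth = len(zone.split("."))
    steps = [(".".join(labels[-n:]), "A")
             for n in range(depth + 1, len(labels) + 1)]
    if not steps or steps[-1] != (qname, qtype):
        steps.append((qname, qtype))
    return steps

def resolve(qname, qtype, qmin):
    """Return (outcome, trace), starting at the ac-versailles.fr servers."""
    zone, trace = PARENT_ZONE, []
    while True:
        steps = minimised_steps(zone, qname, qtype) if qmin else [(qname, qtype)]
        for q in steps:
            reply = SERVERS[zone](*q)
            trace.append((zone, q, reply[0] if reply else "TIMEOUT"))
            if reply is None:
                return "TIMEOUT", trace
            if reply[0] == "REFERRAL":
                zone = reply[1]   # follow the delegation, restart below the cut
                break
        else:
            return reply[0], trace  # every step answered without a referral

if __name__ == "__main__":
    for qmin in (False, True):
        outcome, trace = resolve(CUT, "CAA", qmin)
        print("qname-minimisation:", "yes" if qmin else "no", "->", outcome)
        for zone, (name, rtype), status in trace:
            print(f"  @{zone}: {name} {rtype} -> {status}")
```

In this model an A query for the same name times out with or without minimisation, which shows that the delegation is what is broken.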
