Hi, I am using libunbound for DANE-based realm-crossover for Kerberos. This requires the KDC to map hosts to realms via DNSSEC, but otherwise it is just a wrapper around the KDC, https://github.com/arpa2/kxover/tree/tls-based-attempt
1. Does libunbound cache like an Unbound server would, for the duration of the TTL if the program does not exit before? 2. The KDC and my daemon each use libunbound. Does that mean they each have their own cache, and if so, is there a way to combine their storage and validation efforts? I could speedup lookups with an Unbound daemon behind libunbound, but that'd give three caches and three independent validations! Allow me to add that libunbound is very pleasant to work with! The only thing I miss in the API is the lack of an invalid value for the async_id, so apart from storing that value there also is a need to flag whether such a field is occupied (and possibly calling for locking to keep the two consistent). Thanks! -Rick
