On Wed, Mar 02, 2016 at 21:14:56 +0100, W.C.A. Wijngaards via Unbound-users wrote: > However, I think it is not unreasonable to extend the compatibility > code in Unbound for this. The error that Olav quotes is simply > Unbound enforcing that 'all RRsets MUST validate' rule, telling you > which one failed. The NS set is gratuitous though, in the answer, > hence perhaps compatibility is an option. Not so, for, say, NSEC or > SOA RRs.
If the compatibility code can be extended, that would be great! The alternative at the moment seems to be to use less diversity in the upstream resolvers, but that is unfortunate from a reliability point of view. Best regards, Olav Morken UNINETT
