I'm trying to understand Unbound's TCP fallback better. Is it expected that Unbound will fall back to TCP when UDP queries time out, or only if it receives a truncated ANSWER?

Specifically, I'm trying to make CAA queries, and finding that, when querying a certain DNS provider (NetRegistry), UDP queries time out but TCP queries succeed. Specifically, if I set tcp-upstream: yes, I can get a response, but if I set tcp-upstream: no (the default), I get timeouts from Unbound, and I never see it fall back to TCP.

I'm considering running two Unbound instances: one with tcp-upstream: yes, and one with tcp-upstream: no, and having my application implement fallback between the two. That is, if a query to the first instance times out, query the second instance. Is that a reasonable approach?

Thanks,
Jacob
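
The application-side fallback described in the message above could look like the following. This is an added example, not part of the original post and not Unbound code. The loopback addresses, the ports 5301/5302 and the function names are assumptions, and treating a SERVFAIL reply the same as a timeout is a choice made for this sketch.

```python
import secrets
import socket
import struct

CAA = 257       # RR type number for CAA
SERVFAIL = 2    # RCODE a resolver returns when it could not get an answer

def build_query(name, qtype=CAA):
    """Encode a minimal recursive query; returns (transaction id, wire bytes)."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def ask(resolver, wire, timeout):
    """Send one UDP query to a resolver; return the reply, or None on failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(resolver)  # connected socket: other sources are dropped
        try:
            s.send(wire)
            while True:
                reply = s.recv(4096)
                # Accept only a response (QR=1) carrying our transaction id.
                if len(reply) >= 12 and reply[:2] == wire[:2] and reply[2] & 0x80:
                    return reply
        except OSError:  # timeout and connection-refused are both OSError
            return None

def resolve_with_fallback(name, resolvers, timeout=5.0, qtype=CAA):
    """Try each resolver in order; return (resolver, rcode, reply) or None."""
    for resolver in resolvers:
        _, wire = build_query(name, qtype)  # fresh transaction id per attempt
        reply = ask(resolver, wire, timeout)
        if reply is None:
            continue                        # timed out: try the next instance
        rcode = reply[3] & 0x0F
        if rcode != SERVFAIL:               # assumption: SERVFAIL also falls back
            return resolver, rcode, reply
    return None

# Assumed layout: both instances on loopback, ports chosen for this example.
UDP_FIRST = ("127.0.0.1", 5301)   # instance with tcp-upstream: no
TCP_ONLY = ("127.0.0.1", 5302)    # instance with tcp-upstream: yes

if __name__ == "__main__":
    print(resolve_with_fallback("example.com", [UDP_FIRST, TCP_ONLY]))
```

A return value of None means every instance failed, which the caller should handle as a lookup failure and not as an empty CAA record set.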