* W.C.A. Wijngaards via Unbound-users <unbound-users@unbound.net>: > Hi Ralf, > > On 25/06/18 11:43, Ralf Hildebrandt via Unbound-users wrote: > > We're using unbound on our four proxy servers (and a hand-compiled, > > current version of squid), which channel all outbound HTTP/HTTPS traffic. > > So I think it may be this change from 1.5.9: > - Fix unbound sets CD bit on all forwards. If no trust anchors, it'll > not set CD bit when forwarding to another server. If a trust anchor, no > CD bit on the first attempt to a forwarder, but CD bit thereafter on > repeated attempts to get DNSSEC.
It's probably that, yes. > It could be other fixes, perhaps in TCP (if you have tcp-upstream > enabled?) or ssl-upstream? Or caps-for-id? None of those. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.de Campus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155