On Fri, 06 Mar 2026 02:21:18 +0000 John Scott <[email protected]> wrote:
Package: unbound Version: 1.22.0-2+deb13u1 Severity: important Tags: upstream fixed-upstream Forwarded: https://github.com/NLnetLabs/unbound/issues/1247 Control: fixed -1 1.24.0-1
...
This bug was fixed upstream a while ago and it's already fixed in Forky and unstable, but even attempting TLS to reach root nameservers is almost always wrong and a waste of network resources across the whole path. Thus I think this deserves to be fixed via trixie-updates/point release too. These two commits ought to suffice together: https://github.com/NLnetLabs/unbound/commit/ca153f465723c3cefdaa7d299962369bc95da7c0 https://github.com/NLnetLabs/unbound/commit/e2814fe1651825cd5c7f21032e27e4326111f8f4
Yes, this definitely needs to be fixed for trixie. Unfortunately I missed the current trixie point release date, which was yesterday, completely forgetting about this bug, which I haven't added to my todo list. I'm submitting it for either the next trixie point release, or maybe a security update, - let's see how it goes. Thank you for an excellent bug report! /mjt
