Re: priming and dnskey

2017-08-03 Thread T.Suzuki via Unbound-users
On Thu, 3 Aug 2017 16:04:56 +0200 "W.C.A. Wijngaards via Unbound-users" wrote: > Hi T.Suzuki, > > I don't know why it is querying for the root DNSKEY for you. It should > not do that, unless a client asked for it. There is no client at startup. > Do you have

Unbound Consultation

2017-08-03 Thread Avi Harari via Unbound-users
Dear List, I'm currently using bind and I have a unique scenario. I have A records with multiple IPs (e.g xyz.mydomain.com has 200 different IPs). Recently some users encountered an issue while trying to resolve these records, apparently due to the record size. I was wondering if with Unbound I

Re: priming and dnskey

2017-08-03 Thread W.C.A. Wijngaards via Unbound-users
Hi T.Suzuki, I don't know why it is querying for the root DNSKEY for you. It should not do that, unless a client asked for it. Do you have verbosity 5 debug logs? Perhaps this config file is not the actual config file used by your resolver? Best regards, Wouter On 03/08/17 14:14, T.Suzuki

Re: priming and dnskey

2017-08-03 Thread T.Suzuki via Unbound-users
On Thu, 3 Aug 2017 09:08:52 +0200 "W.C.A. Wijngaards via Unbound-users" wrote: > Hi T.Suzuki, > > Do you have prefetch-key enabled still? It causes the DNSKEY to be > prefetched. If so, that would just be extra data in the cache, and not > hamper KSK rollovers. I

Re: priming and dnskey

2017-08-03 Thread W.C.A. Wijngaards via Unbound-users
Hi T.Suzuki, Do you have prefetch-key enabled still? It causes the DNSKEY to be prefetched. If so, that would just be extra data in the cache, and not hamper KSK rollovers. Otherwise, unbound shouldn't be fetching the DNSKEY itself then, but downstream clients could still be asking for it.