Re: Unbound 1.6.2rc1 pre-release (EDNS-Subnet)

2017-04-24 Thread A. Schulze via Unbound-users
Ralph Dolmans via Unbound-users: Are you sure you are not looking at subqueries generated by Unbound, like root priming queries or queries for the DNSKEY? We do not add ECS data to these queries. found it! (for queries sent to ipv4 as well as ipv6 name servers) and, surprise: the data aren't

Re: Unbound 1.6.2rc1 pre-release (EDNS-Subnet)

2017-04-24 Thread Ralph Dolmans via Unbound-users
Hi Andreas, Are you sure you are not looking at subqueries generated by Unbound, like root priming queries or queries for the DNSKEY? We do not add ECS data to these queries. I do not think we should document the any address case. Sending (privacy sensitive) ECS data to all nameservers does not s

Re: Unbound 1.6.2rc1 pre-release (EDNS-Subnet)

2017-04-24 Thread A. Schulze via Unbound-users
Ralph Dolmans via Unbound-users: Any chance that the nameservers Unbound is sending queries to are not on the ECS whitelist (send-client-subnet)? Unbound only sends ECS data to whitelisted addresses. Ralf. 2000::/3 should cover any IPv6 nameserver. just added "send-client-subnet: 0.0.0.0/0"

Re: Unbound 1.6.2rc1 pre-release (EDNS-Subnet)

2017-04-24 Thread Ralph Dolmans via Unbound-users
Hi Andreas, Any chance that the nameservers Unbound is sending queries to are not on the ECS whitelist (send-client-subnet)? Unbound only sends ECS data to whitelisted addresses. Regards, -- Ralph On 24-04-17 10:43, A. Schulze via Unbound-users wrote: > > W.C.A. Wijngaards via Unbound-users: >

Re: Unbound 1.6.2rc1 pre-release (EDNS-Subnet)

2017-04-24 Thread A. Schulze via Unbound-users
W.C.A. Wijngaards via Unbound-users: Unbound 1.6.2rc1 maintainers prerelease is available: - Merge EDNS Client subnet implementation from feature branch into main branch, using new EDNS processing framework. Hello, I have added to unbound.conf: server: module-config: "subnetcache v

Re: Unbound 1.6.2rc1 pre-release

2017-04-23 Thread Paul Wouters via Unbound-users
There is a very good reason for not killing SHA1 right now in https://tools.ietf.org/html/draft-wouters-sury-dnsop-algorithm-update-02 Sent from my iPhone > On Apr 23, 2017, at 12:46, Viktor Dukhovni via Unbound-users > wrote: > >> On Sat, Apr 22, 2017 at 01:43:41PM +0200, A. Schulze wrote:

Re: Unbound 1.6.2rc1 pre-release

2017-04-23 Thread Viktor Dukhovni via Unbound-users
On Sat, Apr 22, 2017 at 01:43:41PM +0200, A. Schulze wrote: > On 22.04.2017 at 13:20, A. Schulze via Unbound-users wrote: > > On 13.04.2017 at 10:17, W.C.A. Wijngaards via Unbound-users wrote: > > > >> Unbound 1.6.2rc1 maintainers prerelease is available: > >> - --disable-sha1 disables SHA1 su

Re: Unbound 1.6.2rc1 pre-release

2017-04-22 Thread A. Schulze via Unbound-users
On 22.04.2017 at 13:20, A. Schulze via Unbound-users wrote: > > > On 13.04.2017 at 10:17, W.C.A. Wijngaards via Unbound-users wrote: > >> Unbound 1.6.2rc1 maintainers prerelease is available: >> - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and >> DS records. NSEC3 is n

Re: Unbound 1.6.2rc1 pre-release

2017-04-22 Thread A. Schulze via Unbound-users
On 13.04.2017 at 10:17, W.C.A. Wijngaards via Unbound-users wrote: > Unbound 1.6.2rc1 maintainers prerelease is available: > - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and > DS records. NSEC3 is not disabled. I tried --disable-sha1 and found any org. zone no longer got

Re: Unbound 1.6.2rc1 pre-release

2017-04-20 Thread A. Schulze via Unbound-users
On 20.04.2017 at 13:31, Ralph Dolmans via Unbound-users wrote: > We are planning to implement the key tag query part of RFC 8145 soon. > Will that be sufficient for you or do you also need the EDNS option? Hello Ralph, I read the RFC again and am now aware of /two/ options to transport the key ta

Re: Unbound 1.6.2rc1 pre-release

2017-04-20 Thread Ralph Dolmans via Unbound-users
Hi Andreas, On 20-04-17 10:23, A. Schulze via Unbound-users wrote: > May this "new EDNS processing framework" also support RFC 8145 soon? > That would be helpful for the YETI DNS project for example. We are planning to implement the key tag query part of RFC 8145 soon. Will that be sufficient for

Re: Unbound 1.6.2rc1 pre-release

2017-04-20 Thread A. Schulze via Unbound-users
On 13.04.2017 at 10:17, W.C.A. Wijngaards via Unbound-users wrote: > Unbound 1.6.2rc1 maintainers prerelease is available: works noiselessly here for a week now. One question came up when I combine these two announcements: > - Add trustanchor.unbound CH TXT that gets a response with a number > o

Unbound 1.6.2rc1 pre-release

2017-04-13 Thread W.C.A. Wijngaards via Unbound-users
Hi, Unbound 1.6.2rc1 maintainers prerelease is available: https://www.unbound.net/downloads/unbound-1.6.2rc1.tar.gz sha256 8d818f5e7c669848875edc782493d52887602e45d1d482a6df1a8d713f5a6a9f pgp https://www.unbound.net/downloads/unbound-1.6.2rc1.tar.gz.asc This release has a couple of new features a