Hello,
and thank you for testbound test suite!
Please accept my apology if this is not the right list but I was not
able to find unbound-devel list.
I've spent last weeks working on Deckard DNS test tool [1], which is
heavily inspired by testbound. It can be seen as generalization of
testbound f
On 21.7.2017 17:52, Anand Buddhdev via Unbound-users wrote:
> On 21/07/2017 17:39, Jacob Hoffman-Andrews via Unbound-users wrote:
>
> Hi Jacob,
>
>> I have another question related to SERVFAIL. Let's Encrypt tries to
>> provide the most useful error messages possible to its users. My
>> underst
On 28.7.2017 00:15, Jacob Hoffman-Andrews via Unbound-users wrote:
> On 07/27/2017 01:28 PM, Robert Edmonds wrote:
>> Jacob Hoffman-Andrews via Unbound-users wrote:
>>> I'm trying to write some documentation for users of Let's Encrypt about
>>> CAA. I believe it's the case that standards-conformant
Hello,
is it possible to use some trick to configure Unbound to refuse ANY queries?
It would be helpful for (intentionally) open recursors before
https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any is implemented.
Thank you for your time.
--
Petr Špaček @ CZ.NIC
en used for attacks using our
resolver can produce rather large answers for QTYPE, so returning more
than one QTYPE might not cut the size down as we would wish.
Petr Špaček @ CZ.NIC
>
> There may be tricks with local-zones or local-data or python scripting
> or views.
>
> Best re
On 25.8.2017 15:55, A. Schulze via Unbound-users wrote:
>
> W.C.A. Wijngaards via Unbound-users:
>
>> It is enabled by default, and implemented in Unbound 1.5.4. These are
>> the changelog entries from the download page:
>
> found: ~unbound-source/service/cache/dns.c, search for 'Fill TYPE_ANY
On 13.9.2017 23:27, Tom Samplonius via Unbound-users wrote:
>
> I haven’t seen a IP address in a MX record in the last 5 years. In
> the 16 years since that was written, the email world has changed a lot.
> Email systems are larger, and tend to run by email professionals who
> know the standar
Hi,
generally speaking 20 % of NXDOMAIN (or even more) is about normal
pattern we see in normal traffic.
Blame Google Chrome and the like, they use it do detect DNS hijacking.
Aggressive use of DNSSEC-validated cache will help for signed zones but
there is no real 'solution' except fixing clients
On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote:
Hi Hank,
On 23/05/18 15:23, Hank Barta via Unbound-users wrote:
Hi all,
I use pfsense for my firewall and have selected the unbound resolver for
DNS on my home LAN. I have configured this to use Cloudflare DNS with
DNSSEC enabled.
On 23.5.2018 15:58, Petr Špaček via Unbound-users wrote:
On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote:
Hi Hank,
On 23/05/18 15:23, Hank Barta via Unbound-users wrote:
Hi all,
I use pfsense for my firewall and have selected the unbound resolver for
DNS on my home LAN. I have
On 11.6.2018 23:31, Håkan Lindqvist via Unbound-users wrote:
Hi,
I ran into and issue where it appears that Unbound 1.7.1 fails to
resolve some Akamai CDN names if qname-minimisation is enabled
(consistently responds with SERVFAIL).
1.7.0 did not exhibit the same behavior with identical confi
Hello Ray,
in general TCP is mandatory for proper DNS operation so I would
recommend you not to waste time on non-TCP DNS. It will just break in
various situations as you saw yourself.
Please see standard
https://tools.ietf.org/html/rfc7766
which reinforces mandate for TCP support in DNS:
12 matches
Mail list logo