It's been reported that glibc does not recognize REFUSED responses generated by Unbound with this configuration:

  server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 refuse

Our bug report is here:

  DNS stub resolver ignores header-only error responses
  <https://sourceware.org/bugzilla/show_bug.cgi?id=31890>

I've got a fix, but it goes somewhat against what I think are current stub resolver practices: do not ignore the question section for response matching.

Are my expectations just wrong? Is it more important for servers to produce smaller responses?

Thanks,
Florian
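
Added example, not part of the original message and not the glibc patch: a sketch of the response-matching decision under discussion, comparing a strict policy that requires the question section with a relaxed one that takes a header-only reply solely as an error. The function names, the policy flag and the sample messages are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(txid, flags, name=None, qtype=1):
    """Build a DNS message with no records; name=None gives a header-only message."""
    header = struct.pack("!HHHHHH", txid, flags, 1 if name else 0, 0, 0, 0)
    if name is None:
        return header
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_question(msg):
    """Return (lowercased name, qtype, qclass) of the first question, or None."""
    pos, labels = 12, []
    while pos < len(msg):
        length = msg[pos]
        pos += 1
        if length == 0:
            if pos + 4 > len(msg):
                return None
            return (b".".join(labels),) + struct.unpack("!HH", msg[pos:pos + 4])
        if length > 63 or pos + length > len(msg):
            return None  # compression pointer or truncated label
        labels.append(msg[pos:pos + length].lower())
        pos += length
    return None

def classify(query, response, accept_header_only_errors):
    """Decide whether a stub resolver should take `response` as the reply to `query`."""
    if len(response) < 12:
        return "drop: short"
    qid = struct.unpack("!H", query[:2])[0]
    rid, flags, qdcount = struct.unpack("!HHH", response[:6])
    rcode = flags & 0x000F
    if rid != qid or not flags & 0x8000:
        return "drop: id or QR bit"
    if qdcount == 0:
        # Only the 16-bit ID (and the socket's address/port) ties this to the query,
        # so the relaxed policy takes it solely as a failure, never as data.
        if accept_header_only_errors and rcode != 0 and len(response) == 12:
            return "accept: rcode=%d" % rcode
        return "drop: no question"
    if qdcount != 1 or read_question(response) != read_question(query):
        return "drop: question mismatch"
    return "accept: rcode=%d" % rcode

# Constructed sample messages (not captured traffic).
QUERY = build_message(0x1A2B, 0x0100, "www.example.com")  # RD set
HEADER_ONLY_REFUSED = build_message(0x1A2B, 0x8105)       # QR, RD, RCODE=5 (REFUSED)
```

With the strict policy the header-only REFUSED is dropped and the stub waits for its timeout; with the relaxed policy it is reported as a failure at once, while a header-only reply carrying RCODE 0 is still dropped.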