On Sun, 15 Feb 2009, Robert Edmonds wrote: > what is unbound specific is that unbound answers rd==0 queries which IMO > it should
>From the man page: The allow action does allow nonrecursive queries to access the local-data that is configured. The reason is that this does not involve the unbound server recursive lookup algorithm, and static data is served in the reply. This supports normal opera- tions where nonrecursive queries are made for the authoritative data. For nonrecursive queries any replies from the dynamic cache are refused. The action allow_snoop gives nonrecursive access too. This give both recursive and non recursive access. The name allow_snoop refers to cache snooping, a technique to use nonrecursive queries to examine the cache contents (for malicious acts). However, nonrecursive queries can also be a valuable debugging tool (when you want to examine the cache contents). It is to support certain common deployment scenarios, that involve adding static or (LEA) override data, forwarding auth queries, etc. > (dnscache seems to have not suffered for its decision to drop all rd==0 > queries on the floor.) If djb only always followed RFC :) Paul _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
