Hei, We have a customer complaining that he can't use "dig +trace". I have the idea that it's because dig in trace mode tries to fetch the list of root name servers in a non-recursive way, which is forbidden by unbound by default at least. Unbound document says, it is possible if you configure allow_snoop, but it also states that it should be set only for the administrators or so. However, our customer states, that we _must_ support it for every customers since, he gave this information as explanation about his request:
RFC1034 "All name servers must implement non-recursive queries." Now I am a bit uncertain about the situation. If he is right, unbound is not RFC compatible without this snoop support configured? Also then the documentation of unbound should not mention that this settings should not be used only for the adminstrators (for debug purposes), since it seems an RFC (which is also an STD: STD13) requires it, so here we have a "MUST" (RFC) and "should not" (unbound documentation) conflict. Please help me to understand the situation. If it is not needed to support (I misunderstood the RFC, or another RFC obsolates this one, etc), please give me some hint what I should look for to explain the lack of this feature for our customer. Thanks a lot in advance! - Gábor Lénárt _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
