Zitat von Jan-Piet Mens <[email protected]>:
We have "solved" the problem by setting the internal Unbound to not validate and let the forwarder do the DNSSEC work.That would be a neat feature for DNSSEC-Trigger: detect that the upstream forwarder is Unbound (version.bind chaos txt) and disable the validator. Well, maybe not. :-)
In our case it doesn't matter because both resolvers are managed by us, but for sure this should not be done automatically. Basically it looks like there are "rough-edges" when cascaded resolvers all try to do DNSSEC validation.
Regards Andreas _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
