On 06/28/2013 07:10 PM, Daisuke HIGASHI wrote: > Hi, > > 2013/6/10 W.C.A. Wijngaards <[email protected]>: > >> cache-min-ttl could perhaps change unbound's behaviour here. > > Thank you for your suggestion and I confirmed > that "cache-min-ttl: <small number>" leads Unbound to cache > such ANY-query results. > > 2013/6/10 Peter Koch <[email protected]>: >> I am not convinced that implementing ANY as 'all', encouraging >> false expectations, is really the right thing to do. >> Additionally, in the context of recent events - even if unbound >> would only rarely be run as open recursive - it 'helps' authoritative >> servers to see more queries. > > At nameserver-side, giving non-zero TTL for NSEC3PARAM records > might be an workaround against this issue. > Unfortunately OpenDNSSEC decided to set zero-TTL > to NSEC3PARAM of signing zones [1]. > > [1] https://issues.opendnssec.org/browse/OPENDNSSEC-330
FYI: We are going back to default TTL in the upcoming patch versions for OpenDNSSEC 1.3 and 1.4 Best regards, Matthijs > > Regards, > -- > Daisuke HIGASHI <[email protected]> > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
