-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hoi Paul,
On 02/03/2014 08:10 AM, Paul Wouters wrote: > On Mon, 3 Feb 2014, Andreas Schulze wrote: > >>> service unbound start dig +dnssec nohats.ca >> >> Paul, >> >> I could not reproduce unvalidated answers using unbound-1.4.21 >> Empty cache, first dig take 800ms. Second dig answered from >> cache, 2 ms both have AD bit set. > > Is that on a colocated machine? Or a slower DSL/cable modem box. I > have a feeling it works fine on well-connected machines, but pops > up on machines on slow/bad links. Paul, can you replicate this with verbosity high (4 or 5)? Unbound should not do this (I am quick to point out, but it was obvious). Something is wrong, obviously; could it be that you have two nameservers and that your stub falls back to the second DNS server (not this unbound) that does not perform validation? Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJS71a0AAoJEJ9vHC1+BF+NqNMQAJvlYNdY8EerAJS96yyqoftI LnlYlAOwGBVenO9IhG6zRIRFLP2d5fByYXIvZ3h0B4/+4U1tddTHXhyIDTcwaoEh OjXFtCL1M6TxR6ikQ4wca2GYgut5yVzB6ZHJVirTiSJ+xhvLL/KwdE01jILQIfEl rJxwdfzBkLtf2E9pqTRET9gv8DEFSdYF7YR1HoM+rMXcaDw1+mU0IQ+YtzkArO+M 7oFtSwMmxDvTG7NK1LkW6pdy7eLXepwxOmN8X7mV/qxPx9PxUHl4MRswa9xhKG7G Y85q+TAvCAg4ArjZkOJRAOIAwLDIgjgBVCNeXjVOEGy5LumkrhzyvCkcSzQPGTad w6HDmTGhTDoomN4+/Aj0F83G4aZgcmp55Gb684BOcglXlG5d9OPDLkhPG1FFFP62 8aAB7djRsFOlu0zH8knkXDOX7Uep9so2dVlEvTQcS72tGmeDu+gLdk0lOFRrhUVU BYmBRNhhNDlvlTyIkw+EUeBFwls8LdJWGpcfOpYqo6KX9WSh0UwRCKwwf7YEtiJP Lpc9pwyLPyA8XPocTrS6qDdsp7VrnMbYJdIHojHgrGXZwZzGpW5vDtuypg8kMD+8 HfMW88PqLMp3UndzLZNPezP8/lJooMclAzwIxtKe/5n4nuqgqE3TWUFVb45YOjBi rWgmQr48EHcM367ftp9G =jGdP -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
