Dne 1.7.2014 12:26, Bjoern A. Zeeb napsal(a): > OK, just replying to the last email; I’ll cleanup the patch (without the > regenerated files, etc.) and post it here the next hours or if that fails > days, so people can review, test, integrate it. >
Hello, I'm not sure if it's valid in current version of patches, but I would like to point out that the DNS64-patched Unbound operated on public NAT64 test [1] (apparently offline ATM) fails to conform with RFC 6147 in the way it handles queries with DO and CD flags set. For these queries, the synthesis MUST NOT be performed in order to preserve valid DNSSEC data for further validation at endpoint [2]. I think this should be fixed before the patch reaches the upstream. [1]: http://go6lab.si/current-ipv6-tests/nat64dns64-public-test/ [2]: http://tools.ietf.org/html/rfc6147#section-5.5 Cheers, Ondřej Caletka
smime.p7s
Description: Elektronicky podpis S/MIME
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
