Rygl Aleš:
I have found out a temporary solution. I am forwarding troubled domains to a
another resolver without 0x20 support using forward zone:
that sound very simple but _realy_ cool!
we do enable 0x20 capitalisation at our enterprise level resolvers.
Last week I had an issue with a domain I could analyse in detail.
The external customer run a Debian Squeeze + bind 9.7.3 for his domain
and rDNS
The rDNS was broken because we sent queries for *.In.ADr.ArpA.
The Debian servers was "protected" by a Cisco firewall.
This device had a "content inspection" for DNS enabled which broke his
bind9 answers.
Unfortunately the latest 0x20 patches for unbound-1.4.22 did not catch that.
@Wouter, if you'r interested I could setup a test environment...
Andreas
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
