-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Robert, Andreas,
On 11/09/15 17:54, Robert Edmonds via Unbound-users wrote: > A. Schulze via Unbound-users wrote: >> Hello, >> >> the RFC 6761 give some advise how caching DNS servers SHOULD >> handle queries for reserved domains. Mostly it say "do not send >> queries to the root name servers" >> >> ... point 4 in any case ... >> http://tools.ietf.org/html/rfc6761#section-6.2 ( domain "test." >> ) http://tools.ietf.org/html/rfc6761#section-6.4 ( domain >> "invalid." ) >> >> looks like unbound don't follow that "SHOULD" recommendations. it >> this a miss-configuration on my side ? > > I am also curious why these domains are not handled specially by > Unbound as RFC 6761 recommends. Interestingly, BIND has the exact > same behavior as Unbound for these two domains. (See > https://bugs.debian.org/55032 for details.) > It is not a particularly heavy root server load to mitigate, less code is better and easier, the unblock-lan-zones statement is a frequently asked question from our users. That said, we could add new code for this (and .onion?). Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWAP6FAAoJEJ9vHC1+BF+N0acP/izkFs3pdDv0OMXqIC2p6I7e Qfbo+FfHawVfA8u58AaWJIcO7mdCiSDmzj7vzr3pnTWvdIuOZRKNuZphtzTwKuuV H/+bB9oeFwXef61uX3hepjihKmpoCY7l/UOhDlLRVIyQvYV5hmN1HJ3yHRkIXXCH lNxl0i4upEF7pBtVvnhl9jr/mYmPz4+6T7yKs4FV63RaQAXezRJyt/qmpBXDdvuf it82RdF0HmWNXegMiW7oV3iwZW5xrOpHYUPmbhYw4t85y1VkOHz4lbpdVZL9lDCs 33SySG1fgXSRe5LS4MHWnUJVTE1byAkZ1Hl5nK6D5MvEt9B/3utYiLjKDmBQrCLP bGsFesWcGf0OzA3OyVYgS24Vhs9pSJhzTke7B1g6Tmxc5PSZhUJS6STE6SWlI6XL 9Crd8VKyb4pNwq44ZHMzwu90vCshLAsOaKWpdj4iq00l8zxudZiGRmBj7Lz3qTRv ui/U9RtDVx2QQ+EyArgrzynrTTlg7LJan80/yhH7qohfRKffcy8DyqLKchujt+Wf RkhxrJtN/DlZvWqnqSGKAXt1Ah7fHnyqmbNuuPh82eiADyD9tw9uJt3K9bbiVUyN 1OdfgfbOK+xs/gxWUHHj4kfwhFR1DSGqs/eZoc5YFfJIDja/zGT8ftnZ/rmy9ScA bKFLzSWsptRIQKkH45TH =xeKM -----END PGP SIGNATURE-----