Hi, I have been looking online for some time try to fix this problem, hopefully this is the right last resort place.
Is there a way to make unbound honor my forwarder's dnssec validation? For example, I use unbound as a caching forwarder and have "." set as a forwarding zone that forwards everything to Google's public DNS (8.8.8.8). However, when I test dnssec, I get a valid reply from servers such as www.dnssec-failed.org. This doesn't happen if I use Google's DNS as my normal resolver, in which case I get a SERVFAIL response. Is this possible? I have trouble understanding why unbound would give a valid reply, whereas the forwarder server, when queried directly, returns a SERVFAIL empty answer. Thanks
