On Thu, Mar 03, 2016 at 08:58:02 +0100, Olav Morken wrote: > On Wed, Mar 02, 2016 at 16:58:38 +0000, Tony Finch wrote: > > Does Unbound use CD=1 when forwarding? If so, it should expect to receive > > partially bogus answers and should handle them gracefully. > > I checked, and it does set the CD-flag.
I forgot to mention this, but I also did a quick test where I patched[1] of Unbound to not set the CD-flag in its queries, and at that point DNS resolution worked. Checking packet captures shows that BIND does not include the NS-records in that case. [1] https://gist.github.com/olavmrk/f9e9c68ec2932e026b4e Best regards, Olav Morken UNINETT
