Afternoon Unbound Users, In my particular use case of Unbound, we don't need dnssec validation. I have disabled validation through the config and confirmed that the server is not validating. However, I recently did a tcpdump of my unbound server traffic and noticed that Unbound sets the 'do' flag on all recursive queries. So, it is receiving all the dnssec info even though it's not using it for validation. Which also means it's caching all the rrsig, etc records.
Is there a configuration option to disable the 'do' flag on outbound requests? Any assistance is greatly appreciated. Thanks, RA