Hi Rob, No, Unbound does not have a configuration option to disable the DO flag on outgoing queries.
Regards, -- Ralph On 06-10-16 19:56, Rob Andrzejewski via Unbound-users wrote: > Afternoon Unbound Users, > > In my particular use case of Unbound, we don't need dnssec validation. > I have disabled validation through the config and confirmed that the > server is not validating. However, I recently did a tcpdump of my > unbound server traffic and noticed that Unbound sets the 'do' flag on > all recursive queries. > So, it is receiving all the dnssec info even though it's not using it > for validation. Which also means it's caching all the rrsig, etc > records. > > Is there a configuration option to disable the 'do' flag on outbound requests? > > Any assistance is greatly appreciated. > > Thanks, > RA >
