Hi, I'm seeing unbound making extra resolution requests for CNAME records in a chain where the domains differ between the record in the question and the CNAMEs in the answer. For example a query coming into unbound for a host like a.b.c.com that gets a reponse from the server with CNAME a.b.e.com, CNAME, a.d.e.com, A 1.2.3.4. Instead of returning those immediately to the client unbound proceeds to resolve a.b.e.com and a.c.e.com, and then return to the client. From the logs, when verbose logging is turned on we see messages like:
info: sanitize: removing extraneous answer RRset: a.b.e.com. CNAME IN Our unbound config is fairly simple with a forward-zone for "." pointing to our upstream DNS servers. We don't have DNSSEC enabled. >From a quick look at the source I think this is happening in the scrubber at https://github.com/NLnetLabs/unbound/blob/master/iterator/iter_scrub.c#L663 I was wondering if there was anyway to stop these extra lookups?
