Hello,
I have an issue with cname since this patch : https://github.com/NLnetLabs/unbound/commit/2be0263dfa72f314c4cb61599f1ec7e90784da9c I'm using unbound 1.7.3 with qname-minimisation: yes and the problem only occurs if i ask for a CNAME on a domain having DNSSEC activated. Most of the time i get a SERVFAIL. --- Example --- ~ # dig cname pcs-cname.eyof.ovh ; <<>> DiG 9.10.3-P4-Debian <<>> cname pcs-cname.eyof.ovh ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28362 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pcs-cname.eyof.ovh. IN CNAME ;; Query time: 770 msec ;; SERVER: 213.186.33.99#53(213.186.33.99) ;; WHEN: Mon Aug 13 17:50:32 CEST 2018 ;; MSG SIZE rcvd: 47 --- it works only if - domain has NOT DNSEC activated. - you ask for A instead of CNAME. I finally recompiled a version of unbound 1.7.3 without this patch and i have no more problem. Are you aware of this issue ? is there an other way to correct this problem ? Thanks. Best Regards -- Alex
