On Sun, 16 Jun 2024 02:45:15 +0100, J Carter <jordanc.car...@outlook.com> wrote: > > Sounds familiar :) > > https://mailman.nginx.org/pipermail/nginx-devel/2022-May/YQ3MYP4VNQYWEJS3XYLPMU4HZUKS4PYF.html
Unfortunately, the AD bit is set by the libunbound-based resolver when it is configured to use an upstream forwarder that also supports security. My guess is that unbound uses itself as DNS client in this case and set such bit to request to the upstream. Probably it can be fixed in unbound / libunbound, but such behavior exists right now and affects many different devices... Thus, RFC 6840 suggested to set such bit when a request has one, but not required, which means that current logic of libunbound RFC complaint, and nginx is violating by rejecting such a request. -- wbr, Kirill _______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
