Greetings,

On Mon, 17 Jun 2024 19:08:22 +0100,
J Carter <jordanc.car...@outlook.com> wrote:
>
> It's caused by DNS Cache poisoning (either intentionally, or
> unintentionally), from a recursive resolver that caches CD bit but
> does not zero it if a non dns-sec query hits that cached response.
>
> I see unbound also has a ticket open for this:
> https://github.com/NLnetLabs/unbound/issues/649

I just tried it on my laptop where I use a local libunbound-based
resolver, and I can't reproduce it:

~ $ dig +short sigfail.verteiltesysteme.net @127.0.0.1
~ $ dig +cd +short sigfail.verteiltesysteme.net @127.0.0.1
sigfail.rsa2048-sha256.ippacket.stream.
195.201.14.36
~ $ dig +short sigfail.verteiltesysteme.net @127.0.0.1

Thus, I've tried unbound 1.18 and 1.20 as well with the same result.

But anyway, I suggest you offer a patch because it can be quite
painful for LB.

--
wbr, Kirill
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
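
The caching behaviour discussed in this thread, as an added example that is not part of the original messages and is not code from unbound or nginx: a toy resolver cache replaying the plain / +cd / plain query sequence, once with a cache that ignores how an entry was obtained and once with one that tracks validation. All names, addresses and the `Resolver` class are constructed assumptions; `SERVFAIL` stands for the lookups that print nothing in the session.

```python
# Toy model (constructed, not real resolver code) of a validating recursive
# resolver's cache and how it treats the CD (Checking Disabled) bit.

# Constructed upstream data: name -> (address, DNSSEC signature is valid?)
UPSTREAM = {
    "sigfail.example.": ("192.0.2.10", False),   # deliberately bogus signature
    "sigok.example.": ("192.0.2.20", True),
}

SERVFAIL = "SERVFAIL"


class Resolver:
    def __init__(self, track_validation):
        # track_validation=False models the flawed cache described in the thread.
        self.track_validation = track_validation
        self.cache = {}  # name -> (address, validated)

    def resolve(self, name, cd=False):
        if name not in self.cache:
            address, sig_valid = UPSTREAM[name]
            if not cd and not sig_valid:
                return SERVFAIL          # bogus data is not cached as good
            # A CD=1 query skips validation, so the entry is unvalidated.
            self.cache[name] = (address, sig_valid and not cd)
        address, validated = self.cache[name]
        if cd or validated or not self.track_validation:
            return address
        # Hardened path: a CD=0 client hit an unvalidated entry, so validate
        # now instead of trusting what a CD=1 client put in the cache.
        _, sig_valid = UPSTREAM[name]
        if not sig_valid:
            return SERVFAIL
        self.cache[name] = (address, True)
        return address


def dig_sequence(resolver, name):
    """Replay the three queries from the message: plain, +cd, plain."""
    return [resolver.resolve(name),
            resolver.resolve(name, cd=True),
            resolver.resolve(name)]


if __name__ == "__main__":
    print("flawed  :", dig_sequence(Resolver(False), "sigfail.example."))
    print("hardened:", dig_sequence(Resolver(True), "sigfail.example."))
```

The hardened sequence matches the session in the message: the third, plain query still fails after the +cd query has populated the cache.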