shaft, (edited ) French ![]()
Now that is interesting: #Unbound reports an #DNSSEC related #EDE, even with the CD flag set. We know there is a problem but still have the desired result. Nice :3
$ dig @::1 +cd dnssec-failed.org
...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41039
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
...
; EDE: 6 (DNSSEC Bogus)...
...
;; ANSWER SECTION:
dnssec-failed.org. 300...Cloudflare's resolver does the same thing.
$ dig @\1.1.1.1 +cd dnssec-failed.org
...
; EDE: 9 (DNSKEY Missing)...
...
dnssec-failed.org. 300...Google Public DNS fails at reporting the problem, no EDE in answer.