shaft, 3 months ago (edited 3 months ago) French Now that is interesting: #Unbound reports an #DNSSEC related #EDE, even with the CD flag set. We know there is a problem but still have the desired result. Nice :3 $ dig @::1 +cd dnssec-failed.org ... ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41039 ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ... ; EDE: 6 (DNSSEC Bogus)... ... ;; ANSWER SECTION: dnssec-failed.org. 300... Cloudflare's resolver does the same thing. $ dig @\1.1.1.1 +cd dnssec-failed.org ... ; EDE: 9 (DNSKEY Missing)... ... dnssec-failed.org. 300... Google Public DNS fails at reporting the problem, no EDE in answer.
Now that is interesting: #Unbound reports an #DNSSEC related #EDE, even with the CD flag set. We know there is a problem but still have the desired result. Nice :3
$ dig @::1 +cd dnssec-failed.org ... ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41039 ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ... ; EDE: 6 (DNSSEC Bogus)... ... ;; ANSWER SECTION: dnssec-failed.org. 300...
Cloudflare's resolver does the same thing.
$ dig @\1.1.1.1 +cd dnssec-failed.org ... ; EDE: 9 (DNSKEY Missing)... ... dnssec-failed.org. 300...
Google Public DNS fails at reporting the problem, no EDE in answer.
