On 3/02/2009, at 12:10 PM, Nick Phillips wrote:

Package: unbound
Version: 1.0.2-1
Severity: normal

Unbound seems to trust (and pass on to clients) extra/glue data in
responses from authoritative servers, even when this extra data
contradicts that held locally for a transparent zone.

Example:

Authoritative server has records:
foo.example.com A 192.168.1.1
bar.example.com CNAME a.example.com.

Unbound has the following in a transparent zone:
foo.example.com A 10.1.1.1


A query to unbound, `dig -t a bar.example.com @<unbound ip>` receives
the answer given by the authoritative server:

bar.example.com CNAME a.example.com.
foo.example.com A     192.168.1.1

This is at the very least counter-intuitive, at worst - who knows?


Looking at it more closely, it appears the extra record is not being helpfully added by the authoritative server and then being passed on by unbound; unbound is explicitly making an extra query for that information (when it already has the correct information in the transparent zone!).


Cheers,


Nick
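
The check below is an added example, not part of the original report or of unbound itself: it compares the records in a resolver answer against the `local-data` entries of an unbound configuration and flags any that contradict them. The configuration fragment and the dig-style answer are constructed from the records in the report, and the function names are hypothetical.

```python
import re

# Constructed from the report: the transparent zone held by unbound.
UNBOUND_CONF = '''
server:
    local-zone: "example.com." transparent
    local-data: "foo.example.com. A 10.1.1.1"
'''

# Constructed from the report: the answer seen by the client, in dig's layout.
DIG_ANSWER = '''
bar.example.com.  3600 IN CNAME a.example.com.
foo.example.com.  3600 IN A     192.168.1.1
'''

def parse_rr(line):
    """Parse 'name [ttl] [class] type rdata' into (name, type, rdata)."""
    tok = line.split()
    name, rest = tok[0].lower().rstrip("."), tok[1:]
    # TTL and class are optional in local-data strings, present in dig output.
    while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
        rest = rest[1:]
    if len(rest) < 2:
        return None
    return name, rest[0].upper(), " ".join(rest[1:])

def local_data(conf):
    """Map (name, type) -> set of rdata from local-data lines."""
    table = {}
    for m in re.finditer(r'^\s*local-data:\s*"([^"]+)"', conf, re.M):
        rr = parse_rr(m.group(1))
        if rr:
            table.setdefault(rr[:2], set()).add(rr[2])
    return table

def contradictions(conf, answer):
    """Return answer records whose name/type is held locally with other rdata."""
    local = local_data(conf)
    found = []
    for line in answer.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        rr = parse_rr(line)
        # rdata is compared as a literal string, which is enough for A records.
        if rr and rr[:2] in local and rr[2] not in local[rr[:2]]:
            found.append((*rr, sorted(local[rr[:2]])))
    return found

if __name__ == "__main__":
    for name, rtype, got, want in contradictions(UNBOUND_CONF, DIG_ANSWER):
        print(f"{name} {rtype}: answer has {got}, local-data has {want}")
```

Run against saved `dig` output after a resolver upgrade, an empty result means no answer record conflicts with the locally configured data.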


