You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Disable the EDNS DO flag in upstream requests. This can be helpful for devices that cannot handle DNSSEC information. But it should not be enabled otherwise, because that would stop DNSSEC validation. The DNSSEC validation would not work for Unbound itself, and also not for downstream users. Default is no.
The reason will be displayed to describe this comment to others. Learn more.
The changes look good to me.
I am not certain about the name of the option since it is very technical, but then again this option should only be considered if you actually know what you are doing and the consequences to the resolver's clients. So maybe it is fine this way; also I can't come up with a better name.
- Merge #944: Disable EDNS DO.
Disable the EDNS DO flag in upstream requests. This can be helpful
for devices that cannot handle DNSSEC information. But it should not
be enabled otherwise, because that would stop DNSSEC validation. The
DNSSEC validation would not work for Unbound itself, and also not
for downstream users. Default is no. The option
is disable-edns-do: no
jedisct1
added a commit
to jedisct1/unbound
that referenced
this pull request
Oct 24, 2023
* nlnet/master: (64 commits)
Changelog entry for NLnetLabs#951. - Merge NLnetLabs#951: Cachedb no store. The cachedb-no-store: yes option is used to stop cachedb from writing messages to the backend storage. It reads messages when data is available from the backend. The default is no.
- Fix to print detailed errors when an SSL IO routine fails via SSL_get_error.
- Changelog entry for: Merge NLnetLabs#955 from buevsan: fix ipset wrong behavior. - Update testdata/ipset.tdir test for ipset fix.
- Update the dns64_lookup.rpl test for the DNS64 fallback patch.
- Changelog entry for DNS64 patches from Daniel Gröber.
Fixes for dns64 fallback to plain AAAA when no A records: - Cleanup if condition. - Rename variable for readability.
dns64: Fall back to plain AAAA query with synthall but no A records
Fixes for dns64 readability refactoring: - Move declarations to the top for C90 compliance. - Save cycles by not calling (yet) unneeded functions. - Possible use of uninitialised value. - Consistent formatting.
dns64: Fix misleading indentation
dns64: Refactor handle_event checks for readability
fix ipset wrong behavior
- FixNLnetLabs#954: Inconsistent RPZ handling for A record returned along with CNAME.
- Update pymod tests for the new Python script variable.
- For multi Python module setups, clean previously parsed module functions in __main__'s dictionary, if any, so that only current module functions are registered.
- Expose the configured listening and outgoing interfaces, if any, as a list of strings in the Python 'config_file' class instead of the current Swig object proxy; fixesNLnetLabs#79.
- Expose the script filename in the Python module environment 'mod_env' instead of the config_file structure which includes the linked list of scripts in a multi Python module setup; fixesNLnetLabs#79.
- Better fix for infinite loop when reading multiple lines of input on a broken remote control socket, by treating a zero byte line the same as transmission end. Addesses NLnetLabs#947 and NLnetLabs#948.
Apply suggestions from code review
- cachedb-no-store, example conf and man page documentation.
Changelog note for NLnetLabs#944. - Merge NLnetLabs#944: Disable EDNS DO. Disable the EDNS DO flag in upstream requests. This can be helpful for devices that cannot handle DNSSEC information. But it should not be enabled otherwise, because that would stop DNSSEC validation. The DNSSEC validation would not work for Unbound itself, and also not for downstream users. Default is no. The option is disable-edns-do: no
...
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Disable the EDNS DO flag in upstream requests. This can be helpful for devices that cannot handle DNSSEC information. But it should not be enabled otherwise, because that would stop DNSSEC validation. The DNSSEC validation would not work for Unbound itself, and also not for downstream users. Default is no.
The option is
disable-edns-do: no
.