Maintained by: NLnet Labs

[Unbound-users] private-address behaviour

Aaron Hopkins
Thu Jan 27 22:57:06 CET 2011


[Ignore my typo of a blank message sent to the list if you see it.]

On Thu, 27 Jan 2011, W.C.A. Wijngaards wrote:

> Yes this is caused by line 648 of iterator/iter_scrub.c.  This is
> extra-paranoid, since it can also just strip off the offending record.

I ran into this too, and I had to disable private-address on user-facing
instances of unbound because there are apparently enough slightly broken
domains that list additional records of RFC1918 nameservers to be annoying.

Can removing this line of code be the default behavior?  I suspect you
would take issue with asking that this turn into a config toggle, which I'd
also be fine with.

                                     -- Aaron