Discovery of Designated Resolvers

Bruno Blanes bruno.blanes at outlook.com
Wed Oct 4 13:27:52 UTC 2023


Ahoy there,
I've been messing around with Unbound v1.18.0 and DDR by setting up some local-data for _dns.resolver.arpa. and it seems to work fine, except for the additional data section, which doesn't come with it as per the draft-ietf-add-ddr-10 document:

"When responding to these special queries for "resolver.arpa", the recursive resolver SHOULD include the A and AAAA records for the name of the Designated Resolver in the Additional Answers section."


Is there a way to include the additional section when using a local zone? I am half sure this is bugging Windows 11's DoH settings since it works when I set DoH to manual mode without unencrypted fallback.

Would also like to point out that using a local zone, the server responds to other queries to the domain resolver.arpa with NXDOMAIN instead of the expected NODATA, per item 6.4 of the internet draft:

"DNS resolvers that support DDR by responding to queries for _dns.resolver.arpa MUST treat resolver.arpa as a locally served zone per [RFC6303]. In practice, this means that resolvers SHOULD respond to queries of any type other than SVCB for _dns.resolver.arpa with NODATA and queries of any type for any domain name under resolver.arpa with NODATA."
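
A checker for the two behaviours raised in the post above, added here as an illustration (it is not part of the original message and not Unbound code): it parses a DNS response in wire format and flags an SVCB answer for _dns.resolver.arpa that carries no A/AAAA record in the additional section, and an NXDOMAIN for any name under resolver.arpa. The function names, doh.example.net and 192.0.2.53 are constructed for the example, and one question per message is assumed.

```python
import struct

SVCB, A, AAAA, NXDOMAIN = 64, 1, 28, 3

def name_wire(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"

def rr(name, rtype, rdata, ttl=60):
    return name_wire(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def response(qname, qtype, rcode, answers=(), additional=()):
    hdr = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, len(additional))
    return hdr + name_wire(qname) + struct.pack("!HH", qtype, 1) + b"".join(answers + additional)

def read_name(msg, off):
    # A compression pointer ends a name; it is skipped, not followed (no loop risk).
    labels = []
    while msg[off] and msg[off] < 0xC0:
        labels.append(msg[off + 1:off + 1 + msg[off]].decode().lower())
        off += 1 + msg[off]
    return ".".join(labels) + ".", off + (2 if msg[off] else 1)

def parse(msg):
    _, flags, _, an, ns, ar = struct.unpack_from("!6H", msg)
    qname, off = read_name(msg, 12)  # one question assumed
    qtype, off, types = struct.unpack_from("!H", msg, off)[0], off + 4, []
    for _ in range(an + ns + ar):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        types.append(rtype)
        off += 10 + rdlen
    return qname, qtype, flags & 0xF, types[:an], types[an + ns:]

def ddr_findings(msg):
    qname, qtype, rcode, answers, additional = parse(msg)
    if not ("." + qname).endswith(".resolver.arpa."):
        return []
    if rcode == NXDOMAIN:
        return ["NXDOMAIN under resolver.arpa where NODATA is expected"]
    if qname == "_dns.resolver.arpa." and qtype == SVCB and SVCB in answers:
        glue = {A, AAAA} & set(additional)
        return [] if glue else ["SVCB answer without A/AAAA in the additional section"]
    return ["answer records where NODATA is expected"] if answers else []

# Constructed messages; doh.example.net and 192.0.2.53 are placeholder values.
_svcb = rr("_dns.resolver.arpa.", SVCB, struct.pack("!H", 1) + name_wire("doh.example.net."))
_glue = rr("doh.example.net.", A, bytes([192, 0, 2, 53]))
BARE = response("_dns.resolver.arpa.", SVCB, 0, (_svcb,))
WITH_GLUE = response("_dns.resolver.arpa.", SVCB, 0, (_svcb,), (_glue,))
NX = response("foo.resolver.arpa.", A, NXDOMAIN)
```

To run it against a live resolver, pass the raw UDP payload of the reply to `ddr_findings`.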