Wouter Wijngaards

When I run this query, I get the result with 1 TTL for the SOA. The changelog says this was fixed in 1.13.1, so it should work in 1.14.0. It...

Yes, because type A exists, another type gives a SOA answer. So if I try it here with the latest version, it seems to work fine. But it does not...

Does the setting `harden-below-nxdomain: no` fix the issue? If so there may be an issue with that option. When the domain is DNSSEC signed, perhaps it also makes a difference....

For the long term, the solution does not really make that much trouble. It would be better to leave it at default, because the standards say it should be and...

Diverting DNS traffic, like this, is not really good, and I think perhaps only useful as a debug aid, it looks like tampering to me, for the end clients. If...

Yes that is a complicated space of concerns about device ownership and traffic patterns. But I wanted to make you aware, if you weren't, about DoT and so on. The...

It may also be possible to enable both the `interface-automatic: yes` and `ip-transparent: yes` option at the same time, and that may be a good possible configuration. The `ip-transparent: yes`...

The item belongs to @Philip-NLnetLabs . And he tells me that he does not want it because it breaks DNSSEC. DNSSEC would not work for downstream validators. The code looks...

Vague future plans for improvement in allowing more configuration options exist. This can be found on plans into the further future developments.

I believe this issue could be caused by https://github.com/NLnetLabs/unbound/commit/b865aca03a5c653356334c789b54e70c0bd0e08d . Applying that fix may solve it. If the commit fixes it, then what happens could be that the fib change...