[Pdns-users] DNSSEC, pdns-recursor and libunbound

Michael Ströder michael at stroeder.com
Fri Apr 24 15:04:37 UTC 2015


We're currently testing DNSSEC validation with libunbound 1.5.3 with all 
the RRs
retrieved through a pdns-recursor (also tested 3.7.2).

It seems that

1. libunbound does not explicitly retrieve the RRSIG RRs and

2. pdns-recursor does not return them when not explicitly request (qtype 
    (Explicitly requesting RRSIG works.)

=> validation in libunbound fails

Did anybody else try such a setup before? Did it work?

Most people doing DNSSEC validation simply use bind9 or unbound for 
and as validating resolver but for now that's likely not an option in 

Any hint is appreciated. Thanks in advance.

Ciao, Michael.

More information about the Pdns-users mailing list