Hi,
I'm running Unound 1.7.0 with all the fancy features enabled (qname minimisation, aggressive NSEC caching, the lot).
When I start with an empty cache, this DNAME domain causes a SERVFAIL:
dig A _sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl
(same for slxh.nl)
Second attempt gives the expected NXDOMAIN.
Anyone any clue of what is happening here?
Appears qname minimisation related, because unbound-host also results in a bogus with that option enabled.
[1524050954] libunbound[16982:0] info: validate(cname): sec_status_secure
Host _sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl not found: 3(NXDOMAIN). (BOGUS (security failure))
validation failure <_sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl. A IN>: misc failure