Support "checking disabled" flag in forwarding mode
Unbound and other resolvers can skip DNSSEC validation when the 'checking disabled' flag is present in the request (+cd
option to dig
). This can be very handy for troubleshooting DNS issues but it is apparently is not supported by Knot (tested version 1.2.2). A handy domain to test is dnssec-failed.org
.
Was this a deliberate decision? Are there plans to support it in the future?