.onion and dnssec

Tony Finch dot at dotat.at
Tue Nov 12 13:28:51 UTC 2019

Erich Eckner <bind at eckner.net> wrote:
> To my understanding, the difference between "forward first;" and "forward
> only;" is, that the former caches and the latter forwards all queries.
> However, I see the same behaviour in the log for both. Where is my mistake?

My understanding is that first vs. only is related to fallback behaviour,
though I don't know what kind of forwarding failures cause named to revert
to iterating. [I don't use forwarding myself, but I view `forward first`
with deep suspicion since it looks like the kind of thing that turns
misconfigurations into performance problems and mysterious weirdness.]

