<![CDATA[unbound client forward to knot-resolver server without recursion desired (RD) bit get status REFUSED.]]>I'm working on a hobby project of setup my private remote resolver with knot-resolver. In knot-resolver documentation by default refuse queries without RD bit set to prevent snooping and able to unload the module right now as a workaround for unbound forward queries.

My issue is now I have a DNS over tls port available on the remove server for my and I can't stop anyone from snooping the cache.
What setting should set RD bit on out going queries?

]]>https://forum.netgate.com/topic/174926/unbound-client-forward-to-knot-resolver-server-without-recursion-desired-rd-bit-get-status-refusedRSS for NodeSun, 17 May 2026 19:01:09 GMTMon, 26 Sep 2022 09:43:31 GMT60<![CDATA[Reply to unbound client forward to knot-resolver server without recursion desired (RD) bit get status REFUSED. on Mon, 26 Sep 2022 10:32:24 GMT]]>@sauce
I've found https://knot-resolver.readthedocs.io/en/stable/modules-refuse_nord.html
How is this related to pfSense ?

]]>https://forum.netgate.com/post/1063394https://forum.netgate.com/post/1063394Mon, 26 Sep 2022 10:32:24 GMT