While I was installing the unbound to work with Pi-hole, I found that the value of the parameter use-caps-for-id in the config file (/etc/unbound/unbound.conf.d/dietpi.conf) disagrees with the sample one in the Pi-hole documentation (unbound - Pi-hole documentation). Moreover, I also found that the default value set in Unbound documentation is also no (Ref: unbound.conf(5) — Unbound 1.17.1 documentation).
The reason why the value is set to no is due to its sometimes causing DNSSEC issues.
I’m just a newbie and I’m just putting up my findings here. Welcome to discuss. I really love to learn more. Thanks.
Does it cause DNSSEC issues in your case? At least I’m not aware of a case it did. Such info/defaults are sometimes based on very outdated information. It is a little security hardening and hence should be enabled as long as it does not cause issues.
To to have that thread for additional background. However, I skip it as long as not someone actually faces issues with Unbound with indeed are resolved by inverting that setting. And even then, we should try to find out how to replicate it, since it seems to be very rare, and probably better document it as a possible solution IF someone faces issues with Unbound.