Re: Jostle logic seems to randomly stop working

2018-05-23 Thread Tuomo Soini via Unbound-users
On Wed, 23 May 2018 08:11:09 +0200 "W.C.A. Wijngaards via Unbound-users" wrote: > Hi Dmitry, > > On 19/05/18 03:59, Dmitri Kourennyi via Unbound-users wrote: > > More investigation results: > > > > I think the issue appears when unbound is trying to probe the master

Re: Jostle logic seems to randomly stop working

2018-05-23 Thread W.C.A. Wijngaards via Unbound-users
Hi Dmitry, On 19/05/18 03:59, Dmitri Kourennyi via Unbound-users wrote: > More investigation results: > > I think the issue appears when unbound is trying to probe the master > servers for > the auth_zone section. The logs show unbound doing lookups on all the > auth_zone > domain names in my

Response Policy Zone Support

2018-05-23 Thread Matthew Stith via Unbound-users
Hello, Unbound does not currently provide support for Response Policy Zone (RPZ) but it has been stated in the past on the list that support for it is on the roadmap of development. Is there any update on when RPZ will be implemented and if there is any alpha/beta version of Unbound with RPZ that

Re: Some sites not resolving (DNSSEC?)

2018-05-23 Thread Petr Špaček via Unbound-users
On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote: Hi Hank, On 23/05/18 15:23, Hank Barta via Unbound-users wrote: Hi all, I use pfsense for my firewall and have selected the unbound resolver for DNS on my home LAN. I have configured this to use Cloudflare DNS with DNSSEC enabled. 

Re: Some sites not resolving (DNSSEC?)

2018-05-23 Thread W.C.A. Wijngaards via Unbound-users
Hi Hank, On 23/05/18 15:23, Hank Barta via Unbound-users wrote: > Hi all, > I use pfsense for my firewall and have selected the unbound resolver for > DNS on my home LAN. I have configured this to use Cloudflare DNS with > DNSSEC enabled.  In addition to checking the "Enable DNSSEC Support" >

Re: Response Policy Zone Support

2018-05-23 Thread A. Schulze via Unbound-users
Matthew Stith via Unbound-users: Unbound does not currently provide support for Response Policy Zone (RPZ) but it has been stated in the past on the list that support for it is on the roadmap of development. Is there any update on when RPZ will be implemented and if there is any alpha/beta

Re: Response Policy Zone Support

2018-05-23 Thread Matthew Stith via Unbound-users
On 5/23/2018 10:03 AM, A. Schulze via Unbound-users wrote: > > Matthew Stith via Unbound-users: > >> Unbound does not currently provide support for Response Policy Zone >> (RPZ) but it has been stated in the past on the list that support for it >> is on the roadmap of development. Is there any

Re: Unbound on FreeBSD 11, uses just one of 8 threads?

2018-05-23 Thread Viktor Dukhovni via Unbound-users
On Wed, May 23, 2018 at 07:56:42AM +0200, W.C.A. Wijngaards wrote: > > I have 8 threads configured, anyone know why unbound would > > do all the work in just one thread? > > Previously people that asked this, had a usage that one thread could > satisfy. Perhaps the other cpu cores are running

Re: Some sites not resolving (DNSSEC?)

2018-05-23 Thread Petr Špaček via Unbound-users
On 23.5.2018 15:58, Petr Špaček via Unbound-users wrote: On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote: Hi Hank, On 23/05/18 15:23, Hank Barta via Unbound-users wrote: Hi all, I use pfsense for my firewall and have selected the unbound resolver for DNS on my home LAN. I have

Some sites not resolving (DNSSEC?)

2018-05-23 Thread Hank Barta via Unbound-users
Hi all, I use pfsense for my firewall and have selected the unbound resolver for DNS on my home LAN. I have configured this to use Cloudflare DNS with DNSSEC enabled. In addition to checking the "Enable DNSSEC Support" checkbox on the DNS Resolver configuration page I have added the custom

Re: Some sites not resolving (DNSSEC?)

2018-05-23 Thread Hank Barta via Unbound-users
Thanks for looking into this. I have added some other sites that also present this problem to the issue. best, hank On Wed, May 23, 2018 at 8:58 AM, Petr Špaček via Unbound-users < unbound-users@unbound.net> wrote: > On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote: > >> Hi Hank,

Tuning for survey workloads

2018-05-23 Thread Viktor Dukhovni via Unbound-users
My workload sends lots of queries to various TLDs and public suffix 2LDs (.co.uk, ...), but non-infrastructure queries to leaf domains are almost not repeated sufficiently often to be found in the cache. How should I tune the cache? Ideally, (but unbound likely can't do this), the

Re: Some sites not resolving (DNSSEC?)

2018-05-23 Thread Havard Eidnes via Unbound-users
> This generally seems to work except for several hosts from which I try to > fetch podcasts. One of these is coder.show. Just a note, http://dnsviz.net/d/coder.show/dnssec/ shows several warnings related to coder.show -- apparently the auth name servers reply with CNAME *and* other data for

Re: Response Policy Zone Support

2018-05-23 Thread Paul Vixie via Unbound-users
as before, we have code that implements rpz for unbound. however, it is not open-source licensed. any unbound recursive server that operates a passive dns sensor and thus sends its cache miss traffic to SIE, is automatically licensed to be linked against and run alongside "fastrpz" which is