Re: SRVFAIL with forward-zone in secured zone

2015-08-18 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Over, On 18/08/15 13:20, Over Dexia via Unbound-users wrote: Hello, If this is a double post, I'm sorry. I just have no way of checking if this request arrived at the list (I didn't get a copy, that much I know). Maybe if someone could at

Re: unbound NXDOMAIN TTL shared between records

2015-08-24 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Patrik, On 22/08/15 07:27, Patrik Lundin wrote: On Fri, Aug 21, 2015 at 11:13:34PM +0200, Wouter Wijngaards via Unbound-users wrote: This is because the RRset cache is shared between answers. The SOA record is in that cache. When you

Re: deadlock in unbound-control commands

2015-08-24 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Poprocks, On 24/08/15 01:52, Poprocks via Unbound-users wrote: Hello, I have encountered an issue in which unbound appears to hang when issuing commands via unbound-control. I am running unbound 1.5.4 built on an Ubuntu 12.04 system. I've

Re: unbound fetches DNS record from nsd but does not return it to client

2015-08-04 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Patrik, On 03/08/15 18:50, Patrik Lundin wrote: On Mon, Aug 03, 2015 at 12:42:00PM +0200, W.C.A. Wijngaards via Unbound-users wrote: I've fixed up the manual page and the example config file, and they now discuss configuring domain

Re: Query logging performance

2015-08-04 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Darren, On 03/08/15 19:50, Darren Spruell via Unbound-users wrote: Unbound's documentation mentions that query logging can have very adverse performance on server operation. I was curious if the project feels this has been optimized to the

Re: unbound fetches DNS record from nsd but does not return it to client

2015-08-03 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Patrik, On 01/08/15 10:33, Patrik Lundin via Unbound-users wrote: On Fri, Jul 31, 2015 at 10:36:34PM -0400, Sonic via Unbound-users wrote: I doubt that local-zone: 1.168.192.in-addr.arpa nodefault is necessary since you're defining it as a

Re: configure does not detect LibreSSL 2.2.2 properly

2015-08-11 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Christian, On 10/08/15 17:49, Christian Neukirchen via Unbound-users wrote: Hi, I noticed the LibreSSL configure test in unbound 1.5.4 does not detect LibreSSL 2.2.2: if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h |

Re: Trusted upstream resolver

2015-11-03 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Dave, On 11/03/2015 10:04 PM, Dave Warren via Unbound-users wrote: > On 2015-11-03 05:57, W.C.A. Wijngaards via Unbound-users wrote: >> No, there is no option to disable the CNAME checks. The trust in >> the other nameserve

Unbound 1.5.6rc1 maintainers prerelease

2015-10-15 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.5.6rc1 maintainers prerelease is available: http://www.unbound.net/downloads/unbound-1.5.6rc1.tar.gz sha1 b657098c3878d85e9f3f23d6c39b81aaf7ddbc1e sha256 2aa591c91ac8f9ddcd4c6c80d0862d37ee1b08c480af5874256d4e5394c30301 pgp

Re: unbound and systemd

2015-10-14 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Sami, The patch looks very nice. I would like to include contrib items that make systemd integration easier. The code patches are well written. I would like to incorporate them (with some changes, like not installing the systemd integration

Re: howto resolve 10.in-addr.arpa

2015-10-08 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Andreas, On 07/10/15 15:06, A. Schulze via Unbound-users wrote: > > Hello, > > we have the following configuration to point unbound-1.5.4 to our > private nameservers: > > server: local-zone: "10.in-addr.arpa." transparent domain-insecure: >

Re: unbound and systemd

2015-10-16 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Sami, On 10/14/2015 09:32 PM, Sami Kerola wrote: > On 14 October 2015 at 08:12, W.C.A. Wijngaards > wrote: > > Hi Wouter, et.al., > >> The patch looks very nice. I would like to include contrib items >> that make systemd

Re: unbound flooding syslog with 'sendto failed: Cannot assign requested address'

2015-10-16 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Hendrik, On 10/16/2015 12:47 PM, Hendrik Jaeger via Unbound-users wrote: > Hi, > > I’m running unbound 1.4.22 from debian unstable on my laptop. Since > yesterday unbound started behaving strangely, flooding the syslog > with failure messages.

Unbound 1.5.6 release

2015-10-20 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.5.6 is available: http://www.unbound.net/downloads/unbound-1.5.6.tar.gz sha1 b1e521669d6e5a3c1baf8b71dad070e38887162b sha256 ad3823f5895f59da9e408ea273fcf81d8a76914c18864fba256d7f140b83e404 pgp

Re: SIGQUIT vs SIGTERM

2015-10-14 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Dag-Erling, On 10/14/2015 01:44 PM, Dag-Erling Smørgrav via Unbound-users wrote: > Traditionally, Unix daemons will reload their configuration upon > receiving SIGHUP and terminate gracefully upon receiving SIGTERM. > Unbound follows this

Unbound 1.5.5 release

2015-10-06 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.5.5 is available: http://www.unbound.net/downloads/unbound-1.5.5.tar.gz sha1 ff93df847187120c9ee98e7eebe4bb1bc859a8f2 sha256 f3bd7d3bc9519e8717abdc35c26cb2d84c3c3a3e2cd657604307e6860b37da5e pgp

Re: Unbound obtains DNS data but fails to report it / return it

2015-10-09 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Patrick, You are not using full recursion but forwarding to 'public services' of apparently debatable quality. Try turning off the forwarding clause in unbound.conf and go to the authoritative servers to get the data yourself. If you are

Unbound 1.5.5rc1 maintainers prerelease

2015-09-28 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.5.5rc1 maintainers prerelease candidate 1 is available: http://www.unbound.net/downloads/unbound-1.5.5rc1.tar.gz sha1 5b00efea35abb168d7788d6970edf221ddcc975d sha256 d03f293305ca5c5e354db6fb1389870322b1fa2ec02e3c146c6a14c2ba53c525 pgp

Re: Unbound local zone limit?

2015-10-02 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Yuri, On 10/02/2015 03:50 PM, Yuri Voinov via Unbound-users wrote: > > Hi there, > > does anybody know, is Unbound has local zone limit? No, they are kept in a lookup structure that is similar in design to the data structure in NSD

Re: rfc6761 compliance

2015-09-22 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Robert, Andreas, On 11/09/15 17:54, Robert Edmonds via Unbound-users wrote: > A. Schulze via Unbound-users wrote: >> Hello, >> >> the RFC 6761 give some advise how caching DNS servers SHOULD >> handle queries for reserved domains. Mostly it

Re: [PATCH] unable to reload globs

2015-09-22 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Dag-Erling, On 17/09/15 18:39, Dag-Erling Smørgrav via Unbound-users wrote: > When the configuration lexer processes an include directive and > unbound is chrooted, it will attempt to strip the chroot directory > from the front of the filename.

Re: unbound-control flush_zone behaviour w.r.t the DS record

2015-09-22 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Paul, On 16/09/15 04:35, Paul Wouters via Unbound-users wrote: > > Hi, > > Today I ran into an unexpected flush issue. A domain with DS record > no longer signed its zone and became BOGUS. Once the registrar > removed the DS record, I ran an

Re: A record from cache for request that resolved to (some) CNAMEs

2015-09-22 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Mehmed, On 21/09/15 13:17, Mehmed Kahric via Unbound-users wrote: > Hi, > > I have a similar issue as reported in Bug 669. > > For some (one for now) CNAMEs we have a empty A record answer from > Unbound. Proper answer came from remote DNS as

Re: Making unbound-anchor very verbose

2015-09-21 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Ed, It does not say a lot because all it does is do an UDP query, see that it works, and exit. If you add, say, -F (force TLS update), then it'll print out a lot of info (with -). Like, https headers, ssl certificates, xml contents ...

Re: Minor error in unbound.conf.5.in

2015-09-22 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Ross, On 01/09/15 06:29, Ross L Richardson via Unbound-users wrote: > Word repetition error: If the the minimum kicks in should be If the > minimum kicks in Thank you. Fixed. Best regards, Wouter -BEGIN PGP SIGNATURE- Version: GnuPG v2

Re: unbound.conf(5) access-control suggestions

2015-09-22 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Patrik, On 05/08/15 20:14, Patrik Lundin via Unbound-users wrote: > Hello, > > Following the recent man page modifications I was reminded of > another part of the manual that I am curious if it could be modified > a bit. This is the part about

Re: unbound-control flush_zone behaviour w.r.t the DS record

2015-09-25 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Paul, On 22/09/15 17:28, Paul Wouters wrote: > I'm not sure. It did not become non-bogus for sure. I didn't drop > the cache and the domain is fixed now. So you'll have to create a > test case I guess? :) Found a race condition in that code,

Re: Multi-threaded operation?

2015-10-05 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Havard, On 05/10/15 14:43, Havard Eidnes via Unbound-users wrote: > Hi, > > it looks like I'll have to answer my own question, which is a > little disappointing: > >> I'm running unbound 1.5.4 on NetBSD/amd64 7.0, and I notice that >>

Unbound 1.5.7rc1 prerelease

2015-12-03 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.5.7rc1 prerelease is available: http://www.unbound.net/downloads/unbound-1.5.7rc1.tar.gz sha1 938ab7e2739aa65c261ce2ff989e27e7fcccd5c4 sha256 c614c4234776d919dd296ee750d3cf6161a2749d83010b4b4385cf21cf165861 pgpsig

Re: how to set lower TTL for redirect data? default ttl is 3600

2015-12-07 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Pujo, On 06/12/15 04:35, pujo mulyono via Unbound-users wrote: > Hi, > > Ask, how to set TTL for redirect local-data lower than 3600 > (default)? i read the Documentation but i could not find it if i > want to set ttl = 900, something similar

Unbound 1.5.7 release

2015-12-10 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.5.7 is available: http://www.unbound.net/downloads/unbound-1.5.7.tar.gz sha1 6306fec537f507a41b9c3a7e16e4aa1c10532510 sha256 4b2088e5aa81a2d48f6337c30c1cf7e99b2e2dc4f92e463b3bee626eee731ca8 pgpsig

Re: NULL-checks before free()

2015-12-11 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Michael, On 10/12/15 01:35, Michael McConville via Unbound-users wrote: > I thought I'd send a few quick cleanup diffs if people are > interested. I'm an OpenBSD dev and we include Unbound in our base > system, so these are just things I've

Re: Unbound and intermittent network connectivity?

2016-01-04 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Robert, On 18/12/15 20:05, Robert Edmonds via Unbound-users wrote: > Hi, > > I have a few recent bug reports from Debian users that Unbound > stops resolving after brief interruptions in network connectivity. > Especially from users on laptops,

Re: unbound-control dump_cache / load_cache

2016-01-04 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Havard, On 30/12/15 00:28, Havard Eidnes via Unbound-users wrote: > Hi, > > a while back I needed/wanted to reconfigure my unbound recursor to > have more memory available for the "rrset cache", in what seems to > be a futile attempt at

Re: NULL-checks before free()

2016-01-05 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Michael, On 11/12/15 21:02, Michael McConville wrote: > W.C.A. Wijngaards via Unbound-users wrote: >> On 10/12/15 01:35, Michael McConville via Unbound-users wrote: >>> I thought I'd send a few quick cleanup diffs if people a

Re: EDNS RRs

2015-11-20 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 11/20/2015 10:11 AM, W.C.A. Wijngaards via Unbound-users wrote: > Hi Ian, > > On 11/19/2015 09:47 PM, Ian Cohee via Unbound-users wrote: >> Hello all, > >> One of our engineers discovered some interesting behavior wh

Re: EDNS RRs

2015-11-20 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Ian, On 11/19/2015 09:47 PM, Ian Cohee via Unbound-users wrote: > Hello all, > > One of our engineers discovered some interesting behavior while > testing bad EDNS RRs in Unbound. He discovered that Unbound > properly checks and identifies a

Re: Unbound any query handling

2015-11-23 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 23/11/15 06:31, Steinar Haug via Unbound-users wrote: >> I have a few recursive name servers running Debian. I have >> recently upgraded the packages I was running from Jessie >> (1.4.22-3) to testing (1.5.6-1). Since the upgrade I have

Re: validation of DSA signatures

2016-01-13 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Jan, On 01/13/2016 01:37 PM, Jan Včelák via Unbound-users wrote: > Hello list. > > This is mostly a question for developers: I've noticed that test > suite for Unbound contains scenarios with DSA signatures in a > different format than specified

Re: Logging Source IP

2016-06-14 Thread W.C.A. Wijngaards via Unbound-users
Hi Lorenzo, On 14/06/16 09:29, Lorenzo Mainardi via Unbound-users wrote: > Hi to all, > > I’m running a bunch of unbound as DNS resolver for broadband > customers. > > I have enabled the query logging for troubleshooting, further > analysis and threat detection. > > Is it possible to log also

Unbound 1.5.9

2016-06-13 Thread W.C.A. Wijngaards via Unbound-users
Hi, Unbound 1.5.9 is available: http://www.unbound.net/downloads/unbound-1.5.9.tar.gz sha1 4882c52aac0abcd72a86ac5d06e9cd39576620ce sha256 01328cfac99ab5b8c47115151896a244979e442e284eb962c0ea84b7782b6990 pgp http://www.unbound.net/downloads/unbound-1.5.9.tar.gz.asc New IPv6 address for one of

Re: Preview of data before security is established

2016-05-30 Thread W.C.A. Wijngaards via Unbound-users
Hi Rick, On 27/05/16 11:30, Rick van Rein via Unbound-users wrote: > Hello, > > Is there any way for an asynchronous program to get a preview of DNS > data that is in the process of being validated? No not really. Unbound actually validates queries via libunbound. Actually internally, unbound

Re: Setup client to remote control another Unbound server

2016-05-31 Thread W.C.A. Wijngaards via Unbound-users
even locally when I query the backend IP, as well as from the >> remote machine on the LAN. I had opened up port 8953 to all transports >> on all interfaces. >> >> Is there a setting in unbound.conf *on* the machine that is running >> unbound to specify what interf

Re: Flags?

2016-05-31 Thread W.C.A. Wijngaards via Unbound-users
Hi Viktor, On 30/05/16 20:11, Viktor Dukhovni via Unbound-users wrote: > On Mon, May 30, 2016 at 09:18:59AM +0200, W.C.A. Wijngaards wrote: > >> If secure and bogus are both not set, the message is 'insecure', i.e. it >> was not dnssec signed. > > Also SERVFAIL, FORMERR, NOTIMP, ... are neither

Unbound 1.5.9rc1 pre-release

2016-06-02 Thread W.C.A. Wijngaards via Unbound-users
Hi, Unbound 1.5.9rc1 pre-release candidate 1 is available: http://www.unbound.net/downloads/unbound-1.5.9rc1.tar.gz sha1 216f9c9bd911822f97e45ecb4f5420d59316f653 sha256 606dcacfcb85c15f76c15798d3c54ccd150a9a0545fafd8a5fdff33888e1cb51 pgp

Re: typo, should be cfg->pidfile

2016-02-08 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Adi, On 04/02/16 16:10, adi via Unbound-users wrote: > FYI, on latest trunk. I think it is just a typo :-) Thank you, missed that issue! (It is a fix for the code for a fix that has not been released so only latest trunk was affected). Best

Re: [patch] insecure-lan-zones

2016-02-09 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Dag-Erling, On 07/02/16 00:29, Dag-Erling Smørgrav via Unbound-users wrote: > Dag-Erling Smørgrav writes: >> When using unblock-lan-zones, you will more likely than not also >> need to disable validation for these zones. The

Re: unbound.c patch

2016-01-29 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Edgar, Thank you I have applied this patch. (A space before the ++ is ignored by the compiler, by the way, but this looks neater). Best regards, Wouter On 29/01/16 04:26, Edgar Pettijohn via Unbound-users wrote: > --- unbound.c.origThu

Re: Concerns about DNS & DHCP integration

2016-01-29 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Hernan, On 29/01/16 13:23, Hernan Saltiel via Unbound-users wrote: > > > On Fri, Jan 29, 2016 at 4:24 AM, A. Schulze via Unbound-users > > > wrote: > > > Hernan Saltiel via

Unbound 1.5.8rc1 prerelease

2016-02-25 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, The 1.5.8rc1 release candidate is available http://www.unbound.net/downloads/unbound-1.5.8rc1.tar.gz sha1 6382f84452523eb134f425a5b19352a883ae70fa sha256 42a076362659f0104a979247835f7c60a3a4c559ab06169c98ba4990aa11a633 pgp

Re: ssl upstream config?

2016-01-25 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi RunxiaWan, The 'Resolver' that you configured does not send traffic to the Forwarder, and this machine does not provide service on port 853 with SSL to clients. I am not sure if it should send traffic elsewhere in your design, but it is acting

Re: What format does ub_ctx_add_ta expect?

2016-01-20 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Riccardo, On 01/19/2016 05:36 PM, Riccardo Spagni via Unbound-users wrote: > BUMP:) > > On Sat, Jan 16, 2016 at 10:05 PM Riccardo Spagni > wrote: > > Hi all, > > We've been using ub_ctx_add_ta() in

Re: unbound generating too many log messages

2016-01-19 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Mike, On 19/01/16 16:37, Mike via Unbound-users wrote: > On 1/19/2016 10:20 AM, Taylor R Campbell via Unbound-users wrote: >> >> That's irrelevant to the issue Philippe raised. The network is >> not always available, no matter how well you

Re: unbound generating too many log messages

2016-01-19 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Taylor, On 19/01/16 16:20, Taylor R Campbell via Unbound-users wrote: > Date: Tue, 19 Jan 2016 13:05:09 +0100 From: Dag-Erling Smørgrav via > Unbound-users > > Philippe Meunier via Unbound-users

Re: Cygwin: ./libtool: eval: line 1098: syntax error near unexpected token `|'

2016-03-01 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi sbremal, On 29/02/16 19:24, First name Surname via Unbound-users wrote: > Hi > > Does anyone have an idea how to solve this? Edit Makefile, and change the libtool=./libtool line to use your cygwin system's libtool, with libtool=libtool That

Re: L-Root IPv6 address renumbering

2016-03-10 Thread W.C.A. Wijngaards via Unbound-users
Hi David, On 09/03/16 22:06, David Soltero via Unbound-users wrote: > > This is advance notice that there is a scheduled change to the IPv6 > addresses in the Root Zone for the L root-server, also known as > L.ROOT-SERVERS.NET, which is administered by the ICANN. > > The current IP addresses

Re: L-Root IPv6 address renumbering

2016-03-18 Thread W.C.A. Wijngaards via Unbound-users
Hi Robert, On 17/03/16 14:53, Robert Edmonds via Unbound-users wrote: > W.C.A. Wijngaards via Unbound-users wrote: >> But I think just setting the configuration option for root-hints in >> unbound.conf is probably just what you want? Do you still need to be >> able t

Re: New forward zone records only on restart

2016-04-07 Thread W.C.A. Wijngaards via Unbound-users
Hi Scott, The neg-cache-size does not do what you want, it caches DNSSEC information, for DS lookups. So changing it won't fix your problem. Did you try to dig +cdflag ? Does the servfail disappear? If so, you have a DNSSEC problem. Set val-log-level: 2 in your unbound.conf and it'll

Re: message is bogus, non secure rrset with Unbound as local caching resolver

2016-03-19 Thread W.C.A. Wijngaards via Unbound-users
Hi, On 04/03/16 11:39, Havard Eidnes wrote: >>> Following the "not a bug" response from the BIND maintainers >>> yesterday evening, can you please point to chapter and verse >>> mandating this behaviour for non-authoritative recursive >>> resolvers? >> >> RFC4035 3.2.3 for validators, all

Re: dnstap not logging resolver response messages

2016-03-21 Thread W.C.A. Wijngaards via Unbound-users
Hi Nikolay, On 20/03/16 12:08, Nikolay Edigaryev via Unbound-users wrote: > dnstap-log-resolver-response-messages option has no effect unless > dnstap-log-resolver-query-messages option is also enabled. Thank you for the patch, I have applied it. Best regards, Wouter > > The sample config

Re: L-Root IPv6 address renumbering

2016-03-20 Thread W.C.A. Wijngaards via Unbound-users
Hi, On 17/03/16 05:55, Dave Warren via Unbound-users wrote: > On 2016-03-16 14:06, Robert Edmonds via Unbound-users wrote: >> Dave Warren via Unbound-users wrote: >> This is a good point, it doesn't really matter for the distro user, I >> guess. > > I may be wrong, but for those who take the

Unbound 1.5.8 release

2016-03-02 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.5.8 is available: http://www.unbound.net/downloads/unbound-1.5.8.tar.gz sha1 1391888d2e3395d766545cd3dbdf0f1879c48080 sha256 33567a20f73e288f8daa4ec021fbb30fe1824b346b34f12677ad77899ecd09be pgp

Re: message is bogus, non secure rrset with Unbound as local caching resolver

2016-03-02 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Havard, On 02/03/16 20:20, Havard Eidnes via Unbound-users wrote: >>> Unfortunately, the BIND server only tends to return responses >>> where the authority-section has NS-records but no RRSIG-record >>> during the night. I suspect it has

Re: message is bogus, non secure rrset with Unbound as local caching resolver

2016-03-03 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Havard, On 03/03/16 09:30, Havard Eidnes wrote: >>> A couple of responses to an 'a' query for this name follows >>> attached below. In both cases you'll see the Authority section >>> contains the NS RRSET but not the RRSIG covering the NS

Re: disable forwardig for specific zones

2016-03-30 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Hajo, On 30/03/16 14:59, Hajo Locke via Unbound-users wrote: > Hello, > > thanks for your help. > > Am 30.03.2016 um 14:02 schrieb W.C.A. Wijngaards via > Unbound-users: Hi Hajo, > > On 30/03/16 13:25, Hajo Locke

Re: Trying to fetch SRV data with libunbound / libldns

2016-05-12 Thread W.C.A. Wijngaards via Unbound-users
Hi Rick, On 12/05/16 15:51, Rick van Rein via Unbound-users wrote: > Hello, > > I'm trying to use libunbound (and possibly libldns) to pull out SRV > records. I am not certain how to proceed, based on the documentation > that I could found in the form of man pages, tutorials and doxygen. > >

Re: Building unbound on MXE (short version)

2016-07-12 Thread W.C.A. Wijngaards via Unbound-users
ontaining these > changes? Then I can try to make a MXE project out of it > > Best regards, Henri > > On Tue, Jul 5, 2016 at 9:25 AM, W.C.A. Wijngaards via Unbound-users > <unbound-users@unbound.net <mailto:unbound-users@unbound.net>> wrote: > > Hi He

Re: Strange Crash on iOS

2016-08-01 Thread W.C.A. Wijngaards via Unbound-users
Hi Blair, Perhaps upgrade the libunbound to a newer version, this sounds like a bug in the locking mechanism of the log functions that was fixed a while ago? Otherwise, the fopen(logfile) fails, or the thread_key_create function fails, and it tries to print an error for that? It does not

Re: Unbound Windows Config

2016-07-21 Thread W.C.A. Wijngaards via Unbound-users
Hi Riemann, On 21/07/16 01:43, Riemann . via Unbound-users wrote: > I'm trying to configure Unbound on Windows 7 to forward all requests > from localhost like this: > > requests for *.foo.bar => query 172.16.255.3:153 > all other requests => query 172.16.255.2 > > For

Re: Unbound and senderbase.org requests

2016-07-18 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Dimitar, The query work for me, both with and without qname minimisation. The name v1x2s.rf-adfe2ko9.senderbase.org. returns NXDOMAIN and this is an error. But qname minimisation works around it (by assuming non-DNSSEC servers cannot get

Re: DNSSEC validaion fail for _25._tcp.eldinhadzic.com

2016-07-15 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Andreas, You have enabled qname-minimisation. And the server does not support queries for _tcp.eldinhadzic.com. The answer for _tcp.eldinhadzic.com. is NXDOMAIN. And the DNSSEC proof for it is broken. For _25._tcp TLSA there is a TLSA

Re: Building unbound on MXE (short version)

2016-07-05 Thread W.C.A. Wijngaards via Unbound-users
Hi Henri, I made slightly different fixes for these issues: if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" And the sldns_wire2str stuff is fixed with extra link arguments in Makefile.in for anchor-update.exe. That should make the build work also for other ports than MXE.

Re: FW: Validation failure signature crypto failed

2017-01-24 Thread W.C.A. Wijngaards via Unbound-users
Hi Jac, I don't really know about postfix or email, but 'signature crypto failed' means that the data did not match the signature. Thus SERVFAIL is the correct rcode. It means that the contents of the TXT record have been altered, and the text in it does not match the RRSIG digital signature.

Unbound 1.6.1 release

2017-02-21 Thread W.C.A. Wijngaards via Unbound-users
Hi, Unbound 1.6.1 is available: https://www.unbound.net/downloads/unbound-1.6.1.tar.gz sha256 42df63f743c0fe8424aeafcf003ad4b880b46c14149d696057313f5c1ef51400 pgp https://www.unbound.net/downloads/unbound-1.6.1.tar.gz.asc https://www.unbound.net/downloads/unbound-1.6.1.zip

Re: Stats Shared Memory

2017-02-23 Thread W.C.A. Wijngaards via Unbound-users
Hi Luiz, Thank you for your patch. I have included it (but not in 1.6.1, but it is in the code repository for 1.6.2). Modified the patch a bit to clean it up and I added unbound-control stats_shm, that makes unbound-control print out the normal stats output from it, but using shm to get the

Re: Unbound 1.6 doc CNAME resolve

2017-02-23 Thread W.C.A. Wijngaards via Unbound-users
Hi, On 22/02/17 16:13, Кирилл Михайлович Варнаков via Unbound-users wrote: > Hi. Please change in CNAME-basedRedirectionDesignNotes.pdf in > paragraph Expected Behavior zone static to redirect! Thanks, fixed that line. Best regards, Wouter > >

Re: Unbound 1.6.1rc2 prerelease

2017-02-14 Thread W.C.A. Wijngaards via Unbound-users
et <mailto:unbound-users@unbound.net>>: > > On Fri, 10 Feb 2017, W.C.A. Wijngaards via Unbound-users wrote: > > Unbound 1.6.1rc2 is available: > > > That fixed the issues on fedora and it now compiles properly. > > Paul > >

Unbound 1.6.1rc3 prerelease

2017-02-14 Thread W.C.A. Wijngaards via Unbound-users
Hi, Unbound 1.6.1rc3 is available: https://www.unbound.net/downloads/unbound-1.6.1rc3.tar.gz sha256 25707d44125d93973e76efac798d1465d805647f601dad019df302e7cab1a6a7 pgp https://www.unbound.net/downloads/unbound-1.6.1rc3.tar.gz.asc https://www.unbound.net/downloads/unbound-1.6.1rc3.zip

Re: Unbound 1.6.1rc1 prerelease

2017-02-10 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Michael, On 09/02/17 21:26, Michael Ströder via Unbound-users wrote: > W.C.A. Wijngaards via Unbound-users wrote: >> Unbound 1.6.1rc1 is available: > > Any new build dependencies introduced compared to 1.6.0 which I > should

Unbound 1.6.1rc2 prerelease

2017-02-10 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Unbound 1.6.1rc2 is available: https://www.unbound.net/downloads/unbound-1.6.1rc2.tar.gz sha256 5dc7d2df247aa75c0c335529bc36bff8540056cd860c7d6289f54141e8b1b9f8 pgp https://www.unbound.net/downloads/unbound-1.6.1rc2.tar.gz.asc

Unbound 1.6.1rc1 prerelease

2017-02-09 Thread W.C.A. Wijngaards via Unbound-users
Hi, Unbound 1.6.1rc1 is available: http://www.unbound.net/downloads/unbound-1.6.1rc1.tar.gz sha256 b741673993f84bca2409c9097f056964ea198682aa9d714f1f3dce0cac9f61b7 pgp http://www.unbound.net/downloads/unbound-1.6.1rc1.tar.gz.asc http://www.unbound.net/downloads/unbound-1.6.1rc1.zip

Re: pkg-config

2017-01-16 Thread W.C.A. Wijngaards via Unbound-users
Hi Rick, On 13/01/17 18:21, Rick van Rein via Unbound-users wrote: > Hi, > > Is there a reason why no pkg-config pattern file is included with Unbound? contrib/libunbound.pc is that the file you are looking for? > > Are you perhaps assuming that package builders write these files? [I > can

Re: Statistics question on histogram vs. total_num_queries

2017-01-20 Thread W.C.A. Wijngaards via Unbound-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi John, The numbers add up to the num.cachemiss. For your statistics you need to add the num.cachehits queries to the 0 bucket, or create another bucket with a zero response time for those cachehits queries. Then your percentile band can be

Re: Fwd: infrastructure cache question

2016-08-22 Thread W.C.A. Wijngaards via Unbound-users
Hi Rob, On 19/08/16 23:19, Rob Andrzejewski via Unbound-users wrote: > Hello Unbound Users, > > I'm new to Unbound and in the process of deploying to our high-volume > production environment. > > In order to meet some performance requirements, I have configured: > infra-cache-numhosts: 500

Re: Filtered Redirect (captive portal)

2017-02-27 Thread W.C.A. Wijngaards via Unbound-users
Hi Simon, These names: google.co.uk.sant.ox.ac.uk make me think that you have written CNAMEs and you did not terminate domain names with a trailing '.'. Domain names have to end in a trailing dot; and if you don't, the zone name is appended to name. In some cases unbound allows a missing

Re: Unbound does not response a forwarded query

2017-02-28 Thread W.C.A. Wijngaards via Unbound-users
Hi Adrian, Unbound waits until the root has done. But you do not allow these queries to be done. You can stop unbound from querying the root NS by setting a forward zone for the root (".") to somewhere. Best regards, Wouter On 28/02/17 06:16, Adrian Zhang via Unbound-users wrote: > When I

Re: Unbound does not response a forwarded query

2017-02-28 Thread W.C.A. Wijngaards via Unbound-users
: 34 > > > on Unbound server (after receive one query from client): > unbound-control dump_cache|grep unicc.intra > mine.intra. 86200 IN SOA dc2.mine.intra. hostmaster.mine.intra. 65 900 600 > 86400 3600 > file.mine.intra. 86095 IN A 10.3.3.50 > > Best, > > Adrian >

Re: [polri.go.id DNS issues, glueless delegation, confusing NSEC???]

2017-03-02 Thread W.C.A. Wijngaards via Unbound-users
Hi Viktor, I don't see bugs in unbound; but perhaps there is not enough information about what is going on. The lookup of this domain works for me. Note that unbound will refuse to lookup on nameservers that are themselves DNSSEC-bogus. The NS, A, or for the nameserver is bogus and then

Re: [polri.go.id DNS issues, glueless delegation, confusing NSEC???]

2017-03-02 Thread W.C.A. Wijngaards via Unbound-users
a while it gets that no better alternative exists, uses the unsigned response and this is correctly insecure for DNSSEC. But these timeouts could cause issues, I guess. Best regards, Wouter On 02/03/17 12:46, W.C.A. Wijngaards via Unbound-users wrote: > Hi Viktor, > > I don't see bugs i

Re: Relation between ub_fd/ub_poll/ub_process and ub_ctx_async

2017-02-27 Thread W.C.A. Wijngaards via Unbound-users
Hi Rick, On 24/02/17 18:51, Rick van Rein via Unbound-users wrote: > Hello, > > I'm not quite clear on the relation between ub_ctx_async() on the one > hand, and ub_fd(), ub_poll() and ub_process() the other hand. The > latter triple can clearly be integrated with an event loop, but the >

Re: Nits for 1.5.10

2016-09-30 Thread W.C.A. Wijngaards via Unbound-users
Hi Dag-Erling, Thank you for the fixes, I have applied the patch(es). Those casts are usually made after other tools complain about it, but they look better this way. Best regards, Wouter On 29/09/16 20:36, Dag-Erling Smørgrav via Unbound-users

Re: Unbound exiting on stats write failure?

2016-09-20 Thread W.C.A. Wijngaards via Unbound-users
Hi Havard, The error is on a pipe between unbound processes (threads). It should not be out of resources (it might block of course, waiting for them, and blocking pipes are not a problem for unbound, but this error is like a pipe randomly breaks up). Are you on OpenBSD? Perhaps upgrade the

Unbound 1.5.10rc1 prerelease

2016-09-20 Thread W.C.A. Wijngaards via Unbound-users
Unbound 1.5.10rc1 prerelease is available: http://www.unbound.net/downloads/unbound-1.5.10rc1.tar.gz sha256 2e4caddab49bb07900d5ae8d9d4571ee1f32d2d3cabac6c02d6cfc3f78907fa8 pgp http://www.unbound.net/downloads/unbound-1.5.10rc1.tar.gz.asc win32

Re: dump_cache strange format for PTR

2016-09-16 Thread W.C.A. Wijngaards via Unbound-users
Hi Stephane, Your script is picking up the wrong parts as RRs. The other lines are part of the message cache dump. Look for these marker lines through the cachedump (perhaps with csplit(1)?) START_RRSET_CACHE .. RRs END_RRSET_CACHE

Re: cannot resolv a.mx.bsws.de

2016-08-26 Thread W.C.A. Wijngaards via Unbound-users
Hi Andreas, The domain responds with a DNSSEC-signed NXDOMAIN for mx.bsws.de, and thus a.mx.bsws.de cannot exist. With qname-minimisation unbound then stops. Qname minimisation in unbound assumes that dnssec signed domains will do their NXDOMAIN

Re: Fix dnstap relaying "random" messages instead of resolver/forwarder responses

2016-09-27 Thread W.C.A. Wijngaards via Unbound-users
Hi Nikolay, Thank you for the fix, it is integrated (but did not make it into the just released 1.5.10 release). Best regards, Wouter On 27/09/16 08:25, Nikolay Edigaryev via Unbound-users wrote: > This was already fixed for serviced_tcp_callback() in revision 3390, but > for some reason

Unbound 1.5.10

2016-09-27 Thread W.C.A. Wijngaards via Unbound-users
The Unbound 1.5.10 release is available: http://www.unbound.net/downloads/unbound-1.5.10.tar.gz sha256 a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486 pgp http://www.unbound.net/downloads/unbound-1.5.10.tar.gz.asc win32 http://www.unbound.net/downloads/unbound-1.5.10.zip and

Re: Does "stub-prime: yes" refresh NS list as zone apex changes?

2016-09-29 Thread W.C.A. Wijngaards via Unbound-users
Hi Viktor, On 29/09/16 09:14, Viktor Dukhovni via Unbound-users wrote: > > I read that "stub-prime: yes" obtains the initial "NS" list from > the zone's parent as usual, but what happens after that? Is that > "NS" list effectively "frozen" for the life-time of the unbound(8) > server process,

Re: unknown keyword 'dns64-prefix'

2016-09-28 Thread W.C.A. Wijngaards via Unbound-users
Hi Jason, with unbound -h, it prints the 'linked modules'. If dns64 is in there, you have it. Best regards, Wouter On 27/09/16 18:56, Jason Bailey via Unbound-users wrote: > I'm trying to set up DNS64 on a CentOS 7 box but unbound-checkconf >

Re: DNS over TLS

2016-10-24 Thread W.C.A. Wijngaards via Unbound-users
Hi Marco, Is ssl-upstream setting perhaps the one that is bothering you? I have no other clues, unfortunately. Best regards, Wouter On 23/10/16 15:19, Marco Davids (SIDN) via Unbound-users wrote: > Hi, > > So I wanted to play a little with DNS over TLS and found this: > > forward-zone: >
