Actually, my previous reply was wrong, you'll need to use the config server=/local.tld/<address of unbound server>
to make this work. Cheers, Simon. On 03/08/18 14:51, Simon Kelley wrote: > As far as I can tell, the Pihole instructions for configuring Unbound > specify that the local TLD should be configured as not DNSSEC signed. > > As far as dnsmasq is concerned, therefore, any answers in the local TLD > cannot be proven as valid, since they're unsigned, and it cannot be > proven that the local TLD is unsigned, since there's no trust path from > the root that proves that. > > The BOGUS reply from dnsmasq is therefore quite correct. > > THe fix for this is to tell dnsmasq that the local TLD is NOT DNSSEC signed. > > something like > > server=/local.tld/# > > in the pihole dnsmasq config should do the trick. > > > (Note that when researching this answer, I found a couple of corner-case > bugs to do with this code, one of which is that the logging for that > server line doesn't include the information that DNSSEC is disabled for > t hat TLD. This shouldn't stop it working. > > Cheers, > > Simon. > > > > On 03/08/18 13:14, Walter | Exclusive-IT wrote: >> >> >> >> >> >> Good day Sir, >> >> Mark, from Pi-hole, advised me to ask you about a possible DNSMasq >> bug/issue through this channel. >> >> I would very much appreciate your thoughts on this issue: >> https://github.com/pi-hole/FTL/issues/336 >> >> Thank you in advance for your time, >> >> -- >> >> *Met vriendelijke groet, kind regards,* >> Walter van 't Hoff >> >> Exclusive-IT logo >> >> *Exclusive-IT* >> t: +31 (0)6 2264 8629 >> e: wal...@exclusive-it.nl <mailto:wal...@exclusive-it.nl> >> w: Exclusive-IT.nl <https://exclusive-it.nl> >> >> De informatie in dit e-mail bericht is vertrouwelijk en uitsluitend >> bestemd voor de geadresseerde. Gebruik van deze informatie door anderen >> dan de geadresseerde is niet toegestaan. Indien u dit bericht ten >> onrechte ontvangt, wordt u verzocht de inhoud niet te gebruiken maar de >> afzender direct te informeren door het bericht te retourneren en het >> daarna te verwijderen. Openbaarmaking, vermenigvuldiging, verspreiding >> en/of verstrekking van de in de e-mail ontvangen informatie aan derden >> is niet toegestaan. Op alle diensten die wij verlenen zijn algemene >> voorwaarden van toepassing die een beperking van onze aansprakelijkheid >> bevatten. De algemene voorwaarden kunt u vinden en downloaden op >> https://exclusive-it.nl/AlgemeneVoorwaarden.pdf - The information in >> this e-mail is confidential and intended solely for the addressee. Use >> of this information by others than the addressee is not allowed. If you >> are not the intended recipient of this e-mail, you are hereby requested >> to not use the contents but notify the sender immediately by returning >> this e-mail and subsequently delete the message. Disclosure, copying, >> distribution of the information in this e-mail to third parties is >> prohibited and may be unlawful. All services we provide are subject to >> our general terms and conditions which include a restriction of our >> liability. You can find and download the general terms and conditions >> (Dutch) on https://exclusive-it.nl/AlgemeneVoorwaarden.pdf. >> > > > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss