On Mon, 14 May 2018, Martin Monperrus via Unbound-users wrote:
I'm using unbound as DNS forwarder on my laptop.
When I'm traveling, each time I am behind a captive portal, I have to manually
set the name server to the one provided by the ISP:
How to automate this? What kind of captive
On Mon, 30 Apr 2018, Phil Pennock via Unbound-users wrote:
You needed Unbound before. Are you _sure_ you still need it? It might
be that systemd-resolved does what you need now.
Does systemd-resolved still sends out your query over ALL interfaces'
DNS servers and trusts the FIRST answer
We have a report of crashing unbound servers in fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1562594
Unfortunately, there is not much information there:
Description of problem:
Unbound 1.7.0 from updates-testing crashes on a frequent basis with a buffer
overflow error being logged:
On Mon, 5 Mar 2018, SIMON BABY via Unbound-users wrote:
I get the below error while trying to launch unbound-host or unbound-anchor
or any unbound executable in my build env. Can someone help to solve this issue?
On Thu, 14 Dec 2017, Sebastian Schmidt via Unbound-users wrote:
I’ve unbound setup on FreeBSD 11.1 and I can’t figure out why "drill
www.wilda.nsec.0skar.cz" gives SERVFAIL. The domain is from this
(http://0skar.cz/dns/en) test site where it reports
three failures (2a, 2b and 4). Any help
Hi,
Today I found my laptop very unresponsive, and noticed that
unbound was using 230% CPU.
Unfortunately, I was rather busy, so I just killed and restarted unbound
and have no further information what went wrong :( It happened just
after opening my laptop, and not having connected to wifi at
On Mon, 4 Sep 2017, W.C.A. Wijngaards wrote:
Unbound 1.6.6rc1 prerelease is available:
https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz
Compiles without issues and seems to run without issues too, but
only did limited testing.
It seems I had a bug in my ipsecmod hook, that caused the
Hi,
The unbound-checkconf code checks for the ipsecmod hook to exist:
check_chroot_string("ipsecmod-hook", >ipsecmod_hook, cfg->chrootdir
,
cfg);
I want to ship unbound with the ipsecmod module enabled via the
modules line, but activated via unbound-control. This means
I tried the following:
service unbound restart
sudo unbound-control set_option val-permissive-mode: yes
dig www.dnssec-failed.org
But that still gives a servfail.
Sprinking various flush_* options also did not seem to help.
Is this a bug or a feature? :)
Setting val-permissive-mode: yes in
On Tue, 9 May 2017, Eduardo Schoedler via Unbound-users wrote:
No exist ip address like 333.x.x.x, for example.
So, I wrote a python module to filter this questions.
But is that wise? If this malware ends up sending the DNS query
to a legitimate system DNS function, then such a DNS function
On Sat, 22 Apr 2017, Joris L. wrote:
Thanks Paul, i understand, mostly. I must admit i'm somewhat dumbfounded with
"The real fix here is that .com needs to come up with proper policies
regarding mixing scripts and domain bundling, something that the
newGLTDs did properly. "
See
On Mon, 10 Apr 2017, W.C.A. Wijngaards via Unbound-users wrote:
This install is triggered by the option --enable-event-api . Just
enabling --with-libevent does not trigger the install by itself.
What does --with-libevent without --enable-event-api do? The packages
I've created now used
When building unbound with --with-libevent support, the make install
phase should also call make unbound-event-install or else unbound-event.h
does not get installed and the header file for using the unbound event
functionality is not available.
I've just updated the fedora packages to manually
On Tue, 14 Feb 2017, W.C.A. Wijngaards wrote:
Unbound 1.6.1rc3 is available:
Still compiled successfully on all architectures
Paul
On Fri, 10 Feb 2017, W.C.A. Wijngaards via Unbound-users wrote:
Unbound 1.6.1rc2 is available:
That fixed the issues on fedora and it now compiles properly.
Paul
On Thu, 9 Feb 2017, W.C.A. Wijngaards via Unbound-users wrote:
- configure --enable-systemd and lets unbound use systemd sockets if you
enable use-systemd: yes in unbound.conf. Also there are
contrib/unbound.socket and contrib/unbound.service: systemd files for
Looking at the unbound.conf man
On Tue, 20 Sep 2016, W.C.A. Wijngaards wrote:
Unbound 1.5.10rc1 prerelease is available:
http://www.unbound.net/downloads/unbound-1.5.10rc1.tar.gz
sha256 2e4caddab49bb07900d5ae8d9d4571ee1f32d2d3cabac6c02d6cfc3f78907fa8
pgp http://www.unbound.net/downloads/unbound-1.5.10rc1.tar.gz.asc
win32
On Fri, 10 Jun 2016, Phil Mayers via Unbound-users wrote:
On 09/06/16 20:00, Paul Wouters via Unbound-users wrote:
On Thu, 9 Jun 2016, Ehren Hawks via Unbound-users wrote:
> With the release of 1.5.9 are there any plans to update the package
> available in EPEL repository? My c
Version
On 09/06/16 20:00, Paul Wouters via Unbound-users wrote:
On Thu, 9 Jun 2016, Ehren Hawks via Unbound-users wrote:
With the release of 1.5.9 are there any plans to update the package
available in EPEL repository? My caching servers are on CentOS 6 and
have 1.5.1 installed from the epel repo
On Thu, 9 Jun 2016, Ehren Hawks via Unbound-users wrote:
With the release of 1.5.9 are there any plans to update the package available
in EPEL repository? My caching servers are on
CentOS 6 and have 1.5.1 installed from the epel repo. Prior to 1.5.1 I recall
new versions appearing regularly.
On Fri, 3 Jun 2016, Vladimir Levijev via Unbound-users wrote:
Given the requirement to perform up to 20-40 DNS queries to different
name servers asynchronously in a single task, how well can unbound
handle such load (with all the possible timing outs and so on)? What
would be the recommended
for use or something?
Paul
--
Daisuke HIGASHI
2016-06-03 0:34 GMT+09:00 Paul Wouters via Unbound-users
<unbound-users@unbound.net>:
See https://bugzilla.redhat.com/show_bug.cgi?id=1342105
from time to time "netstat -l" shows unbound listening on some
high-
See https://bugzilla.redhat.com/show_bug.cgi?id=1342105
from time to time "netstat -l" shows unbound listening on some
high-ports not
bound to 127.0.0.1 - that makes no sense when the service is configured
for
127.0.0.1 only as a local resolver on a inbound mailfilter
On Wed, 2 Mar 2016, Olav Morken via Unbound-users wrote:
Unfortunately, the BIND server only tends to return responses where the
authority-section has NS-records but no RRSIG-record during the night.
I suspect it has something to do with traffic levels and what other
systems are accessing it.
On Mon, 29 Feb 2016, la9k3 via Unbound-users wrote:
Is there a way to make unbound honor my forwarder's dnssec validation?
For example, I use unbound as a caching forwarder and have "." set as a
forwarding zone that forwards everything to Google's public DNS
(8.8.8.8).
However, when I test
On Thu, 25 Feb 2016, W.C.A. Wijngaards via Unbound-users wrote:
The 1.5.8rc1 release candidate is available
looks good.
The release fixes line endings in the unbound-control-setup script, and
Confirmed.
a potential gost-hash validation failure and handles the ".onion" domain
to avoid
On Wed, 23 Dec 2015, martin f krafft via Unbound-users wrote:
I am running unbound (1.5.7 on Debian unstable) on a laptop as
a recursive resolver for localhost and a number of test VMs running
on the machine. I am aware that others use dnsmasq for this, but
I don't particularly like this
On Thu, 22 Oct 2015, Woodworth, John R via Unbound-users wrote:
I am trying to implement logic for an experimental (Internet Draft) RR type and
am curious if there is a common
methodology to get the ball rolling. Glancing through the code it appears as
if most of the magic is in
On Fri, 16 Oct 2015, W.C.A. Wijngaards via Unbound-users wrote:
Your patch seems to want to customize the compile itself, and
always-active, install for systemd. This is because the Makefile is
also trying to do the package install. Most package systems can pick
up files and install them,
On Thu, 15 Oct 2015, W.C.A. Wijngaards wrote:
- - Default for ssl-port is port 853, the temporary port assignment for
secure domain name system traffic. If you used to rely on the older
default of port 443, you have to put a clause in unbound.conf for
that.
Hmmm.
One use of this feature was
On Tue, 22 Sep 2015, Robert Edmonds via Unbound-users wrote:
W.C.A. Wijngaards via Unbound-users wrote:
It is not a particularly heavy root server load to mitigate, less code
is better and easier, the unblock-lan-zones statement is a frequently
asked question from our users. That said, we
On Tue, 22 Sep 2015, W.C.A. Wijngaards via Unbound-users wrote:
Today I ran into an unexpected flush issue. A domain with DS record
no longer signed its zone and became BOGUS. Once the registrar
removed the DS record, I ran an unbound-control flush_zone on the
zone, but I still received a
On Wed, 19 Aug 2015, Rafael Santiago de Souza Netto via Unbound-users wrote:
I'm new on libunbound. I tried to find in documentation some info about
how to specify the exact DNS server to be queried when ub_resolve() is
called but I was not able to found anything related. Is there a way to
do
On Tue, 28 Jul 2015, Edward Lewis via Unbound-users wrote:
unbound-anchor, by default, pulls DNSSEC trust anchors from data.iana.org.
I am trying to test RFC 5011 capabilities by following these websites:
http://keyroll.systems
and
http://icksk.dnssek.info/fauxroot.html
Goal is to run
34 matches
Mail list logo