Hi,
On 03/07/18 13:39, nusenu via Unbound-users wrote:
>> I can see the similar issue with similar config (which is there btw
>> because of selinux preventing use of non-dynamic ports.
>>
>> Jul 3 12:56:28 resolver unbound: [18382:0] error: can't bind socket:
>> Permission denied for ::
>> Jul
Hi Nusenu,
On 02/07/18 20:58, nusenu via Unbound-users wrote:
>
>
> W.C.A. Wijngaards via Unbound-users:
>>> Will this be included in future unbound releases?
>>
>> Yes, sure. I'll keep it in. Perhaps something similar is happening and
>> is what I need t
Hi Nusenu,
On 02/07/18 10:42, nusenu via Unbound-users wrote:
>
>
> W.C.A. Wijngaards via Unbound-users:
>> I think it is harmless, but the permission denied shouldn't really be
>> happening? In the code repository is a patch that prints out the port
>> number as we
Hi Nusenu,
On 30/06/18 18:07, nusenu via Unbound-users wrote:
>
>>> I've got the following intermittent socket bind errors in my log files:
>>>
>>> error: can't bind socket: Permission denied for
>>
>> Does the patch fix the problem for you?
>
> I'm running 1.7.3 with this patch applied and
Hi Yoshi Horigome,
On 30/06/18 04:02, Yoshi Horigome via Unbound-users wrote:
> Hello,
>
> Attempting to configure r4762 is now "libsystemd not found".
> However, we have confirmed that libsystemd related packages are
> installed as follows.
It needs ht libsystemd-dev package with the header
Hi Harry,
On 24/06/18 20:20, Harry Schmalzbauer wrote:
> Am 23.06.2018 um 20:26 schrieb Harry Schmalzbauer via Unbound-users:
>> Am 17.04.2018 um 15:26 schrieb W.C.A. Wijngaards via Unbound-users:
>>> Hi Harry,
>>>
>>> Yes, DNS NOTIFY is implemented in the cur
Hi nusenu,
On 24/06/18 13:12, nusenu via Unbound-users wrote:
> Hi,
>
> I've got the following intermittent socket bind errors in my log files:
>
> error: can't bind socket: Permission denied for
Does the patch fix the problem for you? If so, the flowinfo or scopeid
information is changed
Hi,
Unbound 1.7.3rc1 pre-release is available.
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.3rc1.tar.gz
sha256 78913d28ff7dfa5fe8a69f235956bfdcb4cc4bdaeb45f03ed6eba5ebddfad5d0
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.3rc1.tar.gz.asc
This release fixes a bug in qname
Hi,
Unbound 1.7.2 is available:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2.tar.gz
sha256 a85fc7bb34711992cf128b2012638ebb8dc1fe15818baa381f6489240845eaa0
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2.tar.gz.asc
This release fixes bugs in DNS-over-TLS for windows, and
Hi,
On 08/06/18 09:39, ѽ҉ᶬḳ℠ via Unbound-users wrote:
> For some reason the OpenWRT repo does not seem to provide a single
> tls-cert-bundle file but rather rather a collection of single root
> certificates from different providers located in /etc/ssl/certs.
>
> Does Unbound require a single
Hi Alex,
On 08/06/18 01:57, Alex Zorin via Unbound-users wrote:
> Hello,
>
> I'm using libunbound to perform iterative DNS lookups for a diagnostic
> service: github.com/letsdebug/letsdebug .
>
> One of the problems I have is when one or more of a domain's authoritative
> nameservers are
Hi,
On 03/06/18 19:17, Ict Security via Unbound-users wrote:
> Hi all,
>
> i have defined access control for a specific class of IPs and
> everything is working fine, both for recursive and private class
> requests.
>
> Now, i would like to define a static zone and grant everyone (public)
> to
Hi Harry,
On 05/06/18 09:23, Harry Schmalzbauer wrote:
> Am 04.06.2018 um 14:07 schrieb W.C.A. Wijngaards via Unbound-users:
>> Hi,
>>
>> Unbound 1.7.2rc1 pre-release is available:
>> https://www.nlnetlabs.nl/downloads/unbound/unboun
Hi,
Unbound 1.7.2rc1 pre-release is available:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz
sha256 561c33f80b757820e3bd632cd339673da84a71dbb6328d124324db2c63a7f833
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz.asc
This release fixes bugs in
Hi,
On 04/06/18 11:29, Harry Schmalzbauer wrote:
> Am 04.06.2018 um 11:01 schrieb W.C.A. Wijngaards:
>> Hi Harry,
>>
>> On 02/06/18 19:24, Harry Schmalzbauer wrote:
>>> Am 02.06.2018 um 16:44 schrieb Harry Schmalzbauer via Unbound-users:
>>>> Am 17.04.2
Hi Harry,
On 01/06/18 19:22, Harry Schmalzbauer via Unbound-users wrote:
> Am 09.01.2018 um 10:53 schrieb Ralph Dolmans via Unbound-users:
>> Hi Harry,
>>
>> Unbound selects forward addresses in the same way as it selects
>> addresses for normal delegations. That is a random selection over the
>>
Hi Harry,
On 02/06/18 19:24, Harry Schmalzbauer wrote:
> Am 02.06.2018 um 16:44 schrieb Harry Schmalzbauer via Unbound-users:
>> Am 17.04.2018 um 15:26 schrieb W.C.A. Wijngaards via Unbound-users:
>>> Hi Harry,
>>>
>>> Yes, DNS NOTIFY is implemented in the cur
Hi,
On 01/06/18 21:48, Fongaboo via Unbound-users wrote:
>
> I've compiled a blacklist of adtracking sites that I'm trying to block
> by redirecting to 127.0.0.1. Some example entries:
>
> local-zone: "0-act.channel.facebook.com" redirect
> local-data: "0-act.channel.facebook.com A 127.0.0.1"
>
Hi Dmitri,
There is a fix slated for the next release, which is as a patch below.
I think this will solve those non-jostle list too full errors. It
decrements the num_reply_states counter and thus the incoming queries
won't get dropped any more because that counter became too big.
Best regards,
Hi Andreas, James,
On 29/05/18 20:46, A. Schulze via Unbound-users wrote:
>
>
> Am 29.05.2018 um 09:07 schrieb A. Schulze via Unbound-users:
>
>> I'll try to recompile the Debian package to catch configure output ...
>> @James: which Debian Version?
>
> OK, here are the logs and patched
Hi Andreas,
On 29/05/18 09:07, A. Schulze via Unbound-users wrote:
>
>
> Am 28.05.2018 um 23:01 schrieb James Cloos via Unbound-users:
>>
>> I don't have the configure output; this is debian's compile
> I'll try to recompile the Debian package to catch configure output ...
> @James: which
Hi James,
On 28/05/18 23:01, James Cloos wrote:
>> "WW" == W C A Wijngaards via Unbound-users
>> writes:
>
>>> Unbound *always* should fall back to urandom(4) when getentropy(3)
>>> results in ENOSYS, even when compiled against a kernel which advertizes
>>> support for getrandom(2).
>
Hi James,
On 25/05/18 19:06, James Cloos via Unbound-users wrote:
>> James Cloos via Unbound-users writes:
>
>> I have a number of kvm instances running debian where unbound 1.7.1
>> fails.
>
> An LD_PRELOAD lib which implments getentropy(3) via read(3)ing
>
es and then when server selection happens, it should omit the
>> failing servers from the server selection.
>>
>> This may not actually be the bug you originally tried to report, but it
>> should be an improvement.
>>
>> Best regards, Wouter
>>
>
be the bug you originally tried to report, but it
should be an improvement.
Best regards, Wouter
On 25/05/18 08:05, W.C.A. Wijngaards via Unbound-users wrote:
> Hi Yuri,
>
> From the logs, it looks like the connections to quad9 and cloudflare all
> end, very quickly, with a tcperror. Some
gt;> 24.05.2018 17:01:35 C:\Program Files\Unbound\unbound.exe[18264:1] debug:
>>>>> bio_cb 1, before write
>>>>> 24.05.2018 17:01:35 C:\Program Files\Unbound\unbound.exe[18264:1] debug:
>>>>> event_del 03E97210 added=1 fd=504 tv=-1 EV_WRITE
>
e[18264:1] debug:
>>> event_del 03E97210 added=1 fd=504 tv=-1 EV_WRITE
>>> 24.05.2018 17:01:35 C:\Program Files\Unbound\unbound.exe[18264:1] debug:
>>> close fd 504
>>> 24.05.2018 17:01:35 C:\Program Files\Unbound\unbound.exe[18264:1] debug:
>>> outne
ound.exe[18264:1] debug:
> outnettcp got tcp error -1
> 24.05.2018 17:01:35 C:\Program Files\Unbound\unbound.exe[18264:1] debug:
> tcp error for address ip4 1.1.1.1 port 853 (len 16)
>
> and no resolve.
>
>
>
> 24.05.2018 15:57, W.C.A. Wijngaards пишет:
>> Hi Yur
Hi Yuri,
On 09/05/18 16:51, Yuri wrote:
>
>
> 09.05.2018 11:51, W.C.A. Wijngaards via Unbound-users пишет:
>> Hi,
>>
>> No idea what is going on anymore, here is two new sets of binaries.
>>
>> These are made with openssl 1.0.2j. The code in unbound tha
Hi Hank,
On 23/05/18 15:23, Hank Barta via Unbound-users wrote:
> Hi all,
> I use pfsense for my firewall and have selected the unbound resolver for
> DNS on my home LAN. I have configured this to use Cloudflare DNS with
> DNSSEC enabled. In addition to checking the "Enable DNSSEC Support"
>
Hi Dmitry,
On 19/05/18 03:59, Dmitri Kourennyi via Unbound-users wrote:
> More investigation results:
>
> I think the issue appears when unbound is trying to probe the master
> servers for
> the auth_zone section. The logs show unbound doing lookups on all the
> auth_zone
> domain names in my
Hi Viktor,
On 23/05/18 01:45, Viktor Dukhovni via Unbound-users wrote:
>
> I have 8 threads configured, anyone know why unbound would
> do all the work in just one thread?
Previously people that asked this, had a usage that one thread could
satisfy. Perhaps the other cpu cores are running some
thout first negotiating TLS.
>>
>> It correctly reaches out to 1.1.1.1:853, but it doesn't negotiate a
>> TLS connection. Is there anything I could do to help fix this?
>>
>> -Ray
>>
>> On 5/7/2018 8:25 AM, W.C.A. Wijngaards via Unbound-users wrote:
>>> Hi Yu
wrote:
> Is it possible that it is OpenSSL-related issue? Does OpenSSL library in
> windows unbound statically linked?
>
> 08.05.2018 18:12, W.C.A. Wijngaards via Unbound-users пишет:
>> Hi Yuri,
>>
>> On 08/05/18 14:07, Yuri via Unbound-users wrote:
>>> N
Hi Yuri,
On 08/05/18 14:07, Yuri via Unbound-users wrote:
> Nop,
>
> I've disabled all firewalls with same results.
>
> And when I've tried to open TCP socket on 1.1.1.1 port 853 with telnet -
> it's opens.
>
Yes, Unbound logs also shows that the connection opens. But then
nothing but
Hi Florian,
On 08/05/18 10:44, Florian Riehm via Unbound-users wrote:
> Hi,
>
> Often I see unbound configurations with multiple forwarders for zones
> like this:
> forward-zone:
> name: "."
> forward-addr: 1.1.1.1
> forward-addr: 1.1.1.2
> forward-addr: 1.1.1.3
>
Hi Yuri,
On 07/05/18 16:16, Yuri via Unbound-users wrote:
> Just checked. Unfortunately, patch does not fix issue.
>
> Same sympthom. Timeout, then no resolve.
From your previous logs, what unbound does is connect, then write. Then
it gets nothing to read. Until the timeout happens. The
Hi Yuri,
On 05/05/18 01:01, Yuri via Unbound-users wrote:
> I can confirm this issue.
>
> 1.7.1 64bit does not work with DoT on Win10.
>
> Verbosity 4 log and service config attached.
>
> See no anomalies in log, however no resolve.
>
> SImplified config (OpenDNS, no DNSSEC etc.) - works.
>
Hi Raymond,
On 03/05/18 22:43, Raymond Bannan via Unbound-users wrote:
> I've spent several hours trying various permutations of the following
> config, but no matter what I do I can't get unbound to forward a DNS
> request over TLS:
This config looks correct. It should be connecting with TLS.
Hi,
Unbound 1.7.1 is available for download:
https://www.unbound.net/downloads/unbound-1.7.1.tar.gz
sha256 56e085ef582c5372a20207de179d0edb4e541e59f87be7d4ee1d00d12008628d
pgp https://www.unbound.net/downloads/unbound-1.7.1.tar.gz.asc
Note: The NLnet Labs website has been updated, and now
Hi Yuri,
On 26/04/18 21:34, Yuri via Unbound-users wrote:
> 1.7.1rc1 runs well with DNS-over-TLS.
>
> Is it will be in 1.7.1 release?
>
Yes, those DNS-over-TLS features are part of 1.7.1.
Best regards, Wouter
signature.asc
Description: OpenPGP digital signature
Hi Andreas,
On 26/04/18 17:32, A. Schulze via Unbound-users wrote:
>
>
> Am 26.04.2018 um 10:09 schrieb W.C.A. Wijngaards via Unbound-users:
>> Hi,
>>
>> Unbound 1.7.1rc1 pre-release is available:
>> https://unbound.net/downloads/
of low-rtt-pct is technically the wrong term and we
intend to replace it with "promille" (likely in a future release,
together with user experience feedback changes).
Best regards, Wouter
On 26/04/18 10:09, W.C.A. Wijngaards via Unbound-users wrote:
> Hi,
>
> Unbound 1.7.
Hi,
Unbound 1.7.1rc1 pre-release is available:
https://unbound.net/downloads/unbound-1.7.1rc1.tar.gz
sha256 46f48ef7c1dde9363d647edbb0f2bdee48be3ef0f53dbc1169f1076aae6ff4e6
pgp https://unbound.net/downloads/unbound-1.7.1rc1.tar.gz.asc
This is the maintainers pre-release.
This release has root
Hi Søren,
On 18/04/18 11:54, Søren Peter Skou via Unbound-users wrote:
> Hiya all,
>
>
>
> This perplexes me a bit. My unbound seems to have taken a dislike
> towards a couple of domains. Specificially frederiksberg.dk and fkb.dk
> and the tld .ke If I try doing a dig ns frederiksberg.dk and
Hi Harry,
Yes, DNS NOTIFY is implemented in the current code repo version. You
can specify additional sources with allow-notify.
Best regards, Wouter
On 25/03/18 16:25, Harry Schmalzbauer via Unbound-users wrote:
> Hello,
>
> thanks for the auth-zone feature in 1.7!
>
> Unfortunately, for
Hi Mahdi,
This may not be what you are looking for but the just released
aggressive-nsec: yes option uses DNSSEC aggressive NSEC processing to
cache more NXDOMAINs per upstream lookup, and more quickly respond to
NXDOMAINs, resulting in less upstream traffic and less load on the
server for
Hi Marc,
On 06/04/18 17:05, Marc Branchaud wrote:
> On 2018-04-06 02:47 AM, W.C.A. Wijngaards via Unbound-users wrote:
>> Hi Marc,
>>
>> On 04/04/18 20:29, Marc Branchaud via Unbound-users wrote:
>>> Hi all,
>>>
>>> I have a simple for
Hi Marc,
On 04/04/18 20:29, Marc Branchaud via Unbound-users wrote:
> Hi all,
>
> I have a simple forward-everything setup with serve-expired enabled:
>
> server:
> serve-expired: yes
> forward-zone:
> name: .
> forward-addr: X.X.X.X
>
> If I use "flush_zone ."
Hi Guillame-Jean,
On 04/04/18 11:41, Guillaume-Jean Herbiet via Unbound-users wrote:
> Hi,
>
> While doing some experiments, I am facing an issue while mixing
> auth-zone and forward-zone.
This bug was just fixed after a redhat bugreport.
The fix is in the code repository, this is the patch
Hi Andreas, Guillaume-Jean,
Sounds useful, so I've added the option to list a number of additional
tls ports to provide tls service on. With additional-tls-port: 443
(perhaps more with more port numbers to provide tls service on) in
unbound.conf.
For other, you also need to configure an
Hoi,
Unbound 1.7.0 is available:
https://www.unbound.net/downloads/unbound-1.7.0.tar.gz
sha256 94dd9071fb13d8ccd122a3ac67c4524a3324d0e771fc7a8a7c49af8abfb926a2
pgp https://www.unbound.net/downloads/unbound-1.7.0.tar.gz.asc
This release adds authority zones, for a local copy of the root zone,
and
Hi Andreas,
On 12/03/18 17:35, A. Schulze via Unbound-users wrote:
>
>
> Am 12.03.2018 um 10:45 schrieb W.C.A. Wijngaards via Unbound-users:
>> Changes:
>> - Added documentation for aggressive-nsec: yes.
>
> I also suggest to say "Default is no" instead
Hi,
Unbound 1.7.0rc3 maintainers prerelease is available:
https://www.unbound.net/downloads/unbound-1.7.0rc3.tar.gz
sha256 209e94c1da10c839f52e04b79ab4ea8b6fc3d88bbe544d9053b96d330538170c
pgp https://www.unbound.net/downloads/unbound-1.7.0rc3.tar.gz.asc
It was updated from rc3, because some
Hi,
On 11/03/18 22:33, Kazunori Fujiwara via Unbound-users wrote:
>> From: Ralph Dolmans via Unbound-users
>>> - Aggressive use of NSEC is not so transparent to me.
>>> unsure, what I really may expect here. Under which conditions is this
>>> active?
>>
>> When this
Hi,
Unbound 1.7.0rc2 maintainers prerelease is available:
https://www.unbound.net/downloads/unbound-1.7.0rc2.tar.gz
sha256 ed5e4529af6b1e70abaa835ec667db2a8b47ae479563b5f3b25b7a034eed
pgp https://www.unbound.net/downloads/unbound-1.7.0rc2.tar.gz.asc
It was updated from rc1 because the patch
, not -p0.
Also, I don't agree that the spelling is improved by lintian. But to
remove the warning, the patch is applied.
Best regards, Wouter
On 06/03/18 23:32, A. Schulze via Unbound-users wrote:
>
>
> Am 06.03.2018 um 11:02 schrieb W.C.A. Wijngaards via Unbound-users:
>> U
Hi Shawn,
Unbound tries to remove the pidfile on exit. It also tries to chown it,
if the username is set in unbound.conf.
Also if the pidfile is not located inside the chroot, then unbound
cannot remove the pidfile itself.
Best regards, Wouter
On 07/03/18 03:03, Shawn Zhou via Unbound-users
Hi,
Yes the key files are platform independent.
Best regards, Wouter
On 06/03/18 06:54, SIMON BABY via Unbound-users wrote:
> Hello Paul,
>
> Thank for looking into my issue. Yes, Am cross compiling for the
> target. Below is my configuration logs. I am implementing the client
> resolver
Hi Joe,
On 05/02/18 14:05, Joe via Unbound-users wrote:
> Hi list
>
> I have a stub-zone entry like the following:
> stub-zone:
> name: "office.intra"
> stub-addr: 10.0.0.1
> stub-addr: 10.0.0.2
>
> This works great except for CNAME entries, where I get the CNAME but
Hi Sebastian,
On 04/01/18 13:37, Sebastian Schmidt via Unbound-users wrote:
> Hello,
>
> I'm wondering if unbound has a method where a new certificate can be loaded
> without restarting unbound. This would be helpful when loading for
> short-lived (1 day) DNSCrypt certificates and potentially
Hi Sami,
On 07/01/18 21:08, Sami Kerola via Unbound-users wrote:
> Hello Wouter, and others,
>
> Would Unbound project be interested moving away from hand-written
> Makefile.am and other autotool stuff to meson? Here is a preview
> (hopefully to future) how things could look with meson:
Thanks
Hi Viktor,
On 20/12/17 09:15, Viktor Dukhovni via Unbound-users wrote:
> On Tue, Dec 19, 2017 at 06:08:50AM +, Viktor Dukhovni wrote:
>
>> The original coded uses non-portable undefined overflow behaviour
>> for signed integer arithmetic. The compiler is free to replace
>> "incep - expi >
Hi,
Wait, no, just CFLAGS=-g ./configure disables -O2, but you also need the
code change. So that won't work as a workaround.
Best regards, Wouter
On 15/12/17 11:40, W.C.A. Wijngaards via Unbound-users wrote:
> Hi Sebastian
>
> On 15/12/17 10:19, Sebastian Schmidt via Unbound-us
Hi Sebastian
On 15/12/17 10:19, Sebastian Schmidt via Unbound-users wrote:
> On 15 December 2017 at 6:09:19 pm, W.C.A. Wijngaards via Unbound-users
> (unbound-users@unbound.net <mailto:unbound-users@unbound.net>) wrote:
>> When I run unbound-host, I get no errors,
Hi Sebastian, Viktor,
On 15/12/17 01:26, Viktor Dukhovni via Unbound-users wrote:
> On Thu, Dec 14, 2017 at 02:21:15PM +1000, Sebastian Schmidt wrote:
>
>> I�ve unbound setup on FreeBSD 11.1 and I can�t figure out why "drill
>> www.wilda.nsec.0skar.cz" gives SERVFAIL. The domain is from this
>>
Hi Marco,
The right way is to use openssl 1.1.1, but it is maybe not available.
With libnettle, unbound has to compile --with-libunbound-only for it to
work. But then you don't have the daemon. So that was not what you
wanted, instead you wanted a very new openssl.
You can compile
Hi Nadine,
The respip.lo is not getting included in the link line.
Does this diff solve the problem? It omits += from the Makefile.
If that does not work, perhaps use gmake?
Index: Makefile.in
===
--- Makefile.in (revision 4413)
los.kanare...@artsalliancemedia.com>
>>
>> www.artsalliancemedia.com <http://www.artsalliancemedia.com>
> <http://www.artsalliancemedia.com/>
>>
>>
>>
>> Landmark House
>> Hammersmith Bridge Road
>> London W6 9EJ__
>>
Hi,
The order does not matter for local-zone, local-data, forward and stub
clauses. Unbound picks the closest one. First the local-zone and
local-data statements are processed. Then the cache of forward and stub
data. Then the lookup vi forward and stub data.
You could create a local-zone:
Hi Dylan,
Negative ttls are for negative answers, like NXDOMAIN and NOERROR/NODATA
answers. This is where that configuration option applies. The max neg
ttl setting reduces TTL values from the authority. It does not increase
them.
But this response is not an NXDOMAIN or NOERROR/NODATA, so
Hi,
This is the unbound 1.6.7 release.
https://www.unbound.net/downloads/unbound-1.6.7.tar.gz
sha256 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f
pgp https://www.unbound.net/downloads/unbound-1.6.7.tar.gz.asc
This release sets the default for trust anchor signaling to yes.
Hi,
This is the unbound 1.6.7rc1 prerelease.
https://www.unbound.net/downloads/unbound-1.6.7rc1.tar.gz
sha256 a92b673d66b57f3fd3d2e21da2174ec21ab76500ba2e07545287e206c52504a1
pgp https://www.unbound.net/downloads/unbound-1.6.7rc1.tar.gz.asc
This release sets the default for trust anchor
Hi Newell,
On windows, the directory is the directory of the exe file. Set that
as the working directory before starting unbound.
So, set the paths relative to the location of unbound.exe.
Best regards, Wouter
On 26/09/17 14:47, Newell Zhu via Unbound-users wrote:
> Hi
>
> I face a problem
Hi Newell,
I believe that windows, just like some BSDs, require the commandline
optione before the commandline argument(s). Put the -C option after the
-d option, and put the www-name at the end of the line.
Best regards, Wouter
On 21/09/17 15:21, Newell Zhu via Unbound-users wrote:
> Hey,
>
Hi Ernie,
You did add them in local-zone type 'static', right? Some of the other
types can ask the internet for data. If that is not it, I don't know
what's going on.
Best regards, Wouter
On 18/09/17 15:02, Ernie Luzar via Unbound-users wrote:
> I have noticed something that doesn't seem
Hi,
Unbound 1.6.6 is available:
https://unbound.net/downloads/unbound-1.6.6.tar.gz
sha256 972b14dc33093e672652a7b2b5f159bab2198b0fe9c9e1c5707e1895d4d4b390
pgp https://unbound.net/downloads/unbound-1.6.6.tar.gz.asc
This version blocks .test and .invalid by default. It has a -p option
to
Hi Eduardo,
I have no real good idea. But looking at your numbers, I see that you
are running a network heavy application, unbound, and it uses about 10G
on 12G memory. The buff/cache is 2G. Adds up to 12G. And it is
swapping. Sounds reasonable, it is maxed out on memory, this is where
swap
Hi,
Unbound 1.6.6rc2 prerelease is available:
https://unbound.net/downloads/unbound-1.6.6rc2.tar.gz
sha256 e723acf16cd8c80eea898873d98d9ba696516b1dd9571181b6b17aa0e29d91f9
pgp https://unbound.net/downloads/unbound-1.6.6rc2.tar.gz.asc
The RC2 is caused by configure script changes because of
Hi,
Unbound 1.6.6rc1 prerelease is available:
https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz
sha256 49a018681c44d92c9e90af905b5c699871c3de487eff38d1303229ea69bed73a
pgp https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz.asc
This version is a prerelease for packagers and maintainers.
Hi T.Suzuki,
Yes, 1472 is a more precise value to recommend. Changed the example
config and also the man page.
Best regards, Wouter
On 01/09/17 16:46, T.Suzuki via Unbound-users wrote:
> unbound.conf
> # EDNS reassembly buffer to advertise to UDP peers (the actual buffer
> # is set with
. Does not search exhaustively, but
MX,A,,SOA,NS also CNAME.
Best regards, Wouter
On 25/08/17 12:57, Petr Špaček via Unbound-users wrote:
> On 25.8.2017 11:47, W.C.A. Wijngaards via Unbound-users wrote:
>> Hi Petr,
>>
>> Unbound already implements that draft. Method 4.1,
Hi Petr,
Unbound already implements that draft. Method 4.1, select one (actually
a couple) RRsets. It picks them from cache if they are available there
(eg. A record or SOA record) and if no records are in cache, it'll make
a query.
There may be tricks with local-zones or local-data or python
Hi Viktor,
This is what verbosity 4 tells me:
[1503588441] libunbound[20640:0] info: verify rrset pat.dedyn.io. SOA IN
[1503588441] libunbound[20640:0] debug: verify sig 16713 8
[1503588441] libunbound[20640:0] debug: verify result: sec_status_secure
[1503588441] libunbound[20640:0] info: verify
Hi,
Unbound 1.6.5 is available:
https://www.unbound.net/downloads/unbound-1.6.5.tar.gz
sha256 e297aa1229015f25bf24e4923cb1dadf1f29b84f82a353205006421f82cc104e
pgp https://www.unbound.net/downloads/unbound-1.6.5.tar.gz.asc
This release fixes RFC5011 trust anchor tracking for users that install
Hi Daisuke HIGASHI,
Yes that is a bug, it should not be in ADDPEND but in VALID. This was
caused by unbound checking the signature as well as the DS hash for the
installed keys. I have patched this and a new version is released
(1.6.5) for this fix.
Best regards, Wouter
On 16/08/17 18:46,
Hi Bob,
There are default limits for a couple Mb of cache memory, tops. That
stops the cache from growing. When full, it stores a number of popular
items that fit.
Best regards, Wouter
On 07/08/17 18:31, Bob Joe via Unbound-users wrote:
> I am running unbound on my windows as my name server,
via Unbound-users wrote:
> On Thu, 3 Aug 2017 09:08:52 +0200
> "W.C.A. Wijngaards via Unbound-users" <unbound-users@unbound.net> wrote:
>
>> Hi T.Suzuki,
>>
>> Do you have prefetch-key enabled still? It causes the DNSKEY to be
>> prefetched.
Hi T.Suzuki,
Do you have prefetch-key enabled still? It causes the DNSKEY to be
prefetched. If so, that would just be extra data in the cache, and not
hamper KSK rollovers.
Otherwise, unbound shouldn't be fetching the DNSKEY itself then, but
downstream clients could still be asking for it.
Hi Dave,
What must be happening is that your authority server for the combine
192.168 stub clause, does not actually host a 192.168 reverse zone. And
that causes unbound to detect that the delegation is lame. Lameness
check only performed for authoritative servers (i.e. stub zones). And
now
Hi,
Also,
local-zone: "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa." nodefault
has to be d.f.ip6.arpa nodefault, to disable the default zone that is
upwards from your private zone.
Best regards, Wouter
On 01/08/17 18:29, Eric Luehrsen via Unbound-users wrote:
> dnsmasq is a forwarding resolver and you
Hi Nick,
On 21/07/17 05:29, Nick Urbanik via Unbound-users wrote:
> Dear Folks,
>
> On 06/07/17 18:13 +1000, Nick Urbanik via Unbound-users wrote:
>> A DNS server running unbound 1.6.3 has these messages; any suggestions
>> on what is happening?
>>
>> error: serviced_tcp_initiate: failed to send
Hi Beeblebrox,
I think the issue is that -a adds the root.key file, but you also have
the root.key file in your unbound.conf, hence it is added twice. You'd
need another unbound.conf file without the root.key statement for
unbound-anchor. (unbound.conf supports include: "file" to make that
easy
Hi Jacob,
A quick response would be that I have had a string of bug reports, where
other software failed to create correct empty DNSSEC proofs. The DNSSEC
proofs would not be correct for a particular corner case, and that
corner case was hit by their options. caps for id and also the harden
Hi Mahdi,
The cache response time is about 0 milliseconds. Combine that with the
recursive response time (usually some number of milliseconds) to get the
value for all responses.
(Of course, not really 0, some fraction rounded to 0, eg. somewhere in
200k - 2M qps, so the response time works out
Hi Nick,
The config number for outgoing tcp is likely too low. outgoing-num-tcp:
1000
Also, you may be running out of port numbers, perhaps this causes the
'bind a tcp socket returns errno Address already in use', because the
choice of port number was left to the kernel? Unless you force a
Hi,
Unbound 1.6.4 is available:
https://unbound.net/downloads/unbound-1.6.4.tar.gz
sha256 df0a88816ec31ccb8284c9eb132e1166fbf6d9cde71fbc4b8cd08a91ee777fed
pgp https://unbound.net/downloads/unbound-1.6.4.tar.gz.asc
This release contains key tag signaling RFC8145 support. B root is
renumbered in
Hi,
Unbound 1.6.4rc2 release candidate 2 is available:
https://unbound.net/downloads/unbound-1.6.4rc2.tar.gz
sha256 c9839f7292af75eda5b72d53ef2ea241dadc4bdba0369f9d91f8162cba7946ca
pgp https://unbound.net/downloads/unbound-1.6.4rc2.tar.gz.asc
This release candidate fixes a recently found heap
Hi,
Unbound 1.6.4rc1 release candidate 1 is available:
https://unbound.net/downloads/unbound-1.6.4rc1.tar.gz
sha256 54dd9bc2bedc8f171dcad69cb1a64c5b5590ae04284c2eed3515993d86a46dc1
pgp https://unbound.net/downloads/unbound-1.6.4rc1.tar.gz.asc
This release contains key tag signaling RFC8145
Hi,
Unbound 1.6.3 is available for download:
https://unbound.net/downloads/unbound-1.6.3.tar.gz
sha256 4c7e655c1d0d2d133fdeb81bc1ab3aa5c155700f66c9f5fb53fa6a5c3ea9845f
pgp https://unbound.net/downloads/unbound-1.6.3.tar.gz.asc
This release fixes a spurious assertion failure when unbound receives
1 - 100 of 234 matches
Mail list logo