Hi Peter,

You can use 'domain-insecure:' for that.

Best regards,
-- George

On 03/09/2022 23:42, Peter Fraser via Unbound-users wrote:
I see. Thanks for that. Is it possible then to configure unbound to exclude dnssec validation for local domains and do it for all external domains?


Regards,

On Jul 25, 2022, at 8:12 PM, Hugo Salgado <hsalg...@vulcano.cl> wrote:

192.18.1 is currently delegated, and it has an nsec covering it until 192.18.10. So it could happen that activating validation, unbound is doing aggressive nsec, and answers nxdomain.

Hugo


On July 25, 2022 8:38:51 PM GMT-04:00, Peter Fraser via Unbound-users <unbound-users@lists.nlnetlabs.nl> wrote:

    Hi All,
    I would really appreciate some help with this strange problem I am
    having. I am running unbound 1.16.1 on FreeBSD 13.1 with NSD. I
    have only one strange problem. I have two subnets on my network,
    192.18.1.0/24 and 192.168.2.0/24. All forward lookups on both
    subnets are fine but reverse lookups for the 192.18.1.0/24 subnet
    fail. I notice though that when auto-trust-anchor-file is
    disabled, it works. Not sure why since none of my zone records are
    signed anyway.

    The server that unbound is on has IP address 192.18.1.12. This
    is my setup below.


    interface: 192.18.1.12
    do-ip4: yes
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.18.1.0/24 allow
    access-control: 192.168.2.0/24 allow

    auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
    local-zone: "my_domain.net." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault
    local-zone: "18.192.in-addr.arpa." nodefault


    stub-zone:
      name: "my_domain.net"
      stub-addr: 192.18.1.12@53000

    stub-zone:
      name: "1.18.192.in-addr.arpa."
      stub-addr: 192.18.1.12@53000

    stub-zone:
      name: "2.168.192.in-addr.arpa."
      stub-addr: 192.18.1.12@53000
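
The setup George's reply points to, as an added example that is not part of the original thread: an unbound.conf fragment that assumes the zone names and addresses from Peter's posted configuration. It limits domain-insecure to the three locally served zones, so validation against the root trust anchor still applies to every other name.

```conf
server:
    interface: 192.18.1.12
    do-ip4: yes
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.18.1.0/24 allow
    access-control: 192.168.2.0/24 allow

    # DNSSEC validation stays enabled for all external names.
    auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"

    # Ignore the DNSSEC chain of trust only for the unsigned zones that
    # are served locally. Each entry is as specific as the stub zone it
    # matches, so the parent zones above them are still validated.
    domain-insecure: "my_domain.net."
    domain-insecure: "1.18.192.in-addr.arpa."
    domain-insecure: "2.168.192.in-addr.arpa."

    local-zone: "my_domain.net." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault
    local-zone: "18.192.in-addr.arpa." nodefault

# Stub zones answered by the local authoritative server on port 53000
# (addresses assumed from the posted configuration).
stub-zone:
    name: "my_domain.net."
    stub-addr: 192.18.1.12@53000

stub-zone:
    name: "1.18.192.in-addr.arpa."
    stub-addr: 192.18.1.12@53000

stub-zone:
    name: "2.168.192.in-addr.arpa."
    stub-addr: 192.18.1.12@53000
```

Running unbound-checkconf on the edited file before reloading catches syntax errors in the new entries.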

