This does sound like a bug for auth-zone then.
I don't have time to replicate atm but could you open an issue for it?
Also, is this NSEC or NSEC3?
Best regards,
-- Yorgos
On 11/11/2022 15:09, Michael Tokarev wrote:
11.11.2022 16:54, George (Yorgos) Thessalonikefs wrote:
Now I spot that this is auth-zone.
Yes it is auth-zone. It is set up this way because it is a remote
office with
somewhat flaky connectivity and I thought about always having whole
thing locally
instead of relying for the upstream during all the runtime.
Which version of Unbound is that?
It is 1.16.3 currently. I thought about giving 1.17 a try, - upgraded
to 1.17.0,
with exactly the same effect. (It is Debian package of Unbound, - I'm
trying to
keep it current in Debian).
I would first try with stub-zone instead and point to the NSD instance
you mentioned.
The stub-zone works, it worked for many years (with not a best
reliability, see
above). I just tested it again - switching from auth-zone to stub-zone
with the
same stub-address works just fine.
It is only the auth-zone which dosn't work - I removed the temporary TXT
record and
it started failing again.
Thanks!
/mjt