Thank you for the hint. internetsociety.org works fine. But I just noticed many of the DNSSEC-enabled domains don't work. Also, some domains that don't use DNSSEC don't work. lucidsolutions.co.nz is an example.
On Thu, Oct 17, 2019 at 4:06 PM Robert Senger <[email protected]> wrote:
>
> Hint: freebsd.org is dnssec enabled, google.com is not.
>
> Can you resolve other dnssec enabled domains, e.g. internetsociety.org?
>
> R.
>
> On Thursday, 17.10.2019, at 15:29 +0330, Javad Kouhi via
> Unbound-users wrote:
> > Hello, unbound-users.
> >
> > I'm using Unbound 1.8.1 on FreeBSD 12.0-RELEASE. It works fine with
> > the majority of domains, but it can't resolve one particular domain,
> > FreeBSD.org. Everything else works perfectly. I'm able to resolve the
> > FreeBSD.org domain when using another nameserver (8.8.8.8 for
> > example).
> >
> > ~ # cat /etc/resolv.conf
> > nameserver 127.0.0.1
> > ========================
> > ~ # drill google.com
> > ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26913
> > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > ;; QUESTION SECTION:
> > ;; google.com. IN A
> >
> > ;; ANSWER SECTION:
> > google.com. 126 IN A 216.58.206.206
> >
> > ;; AUTHORITY SECTION:
> >
> > ;; ADDITIONAL SECTION:
> >
> > ;; Query time: 1 msec
> > ;; SERVER: 127.0.0.1
> > ;; WHEN: Thu Oct 17 13:58:11 2019
> > ;; MSG SIZE rcvd: 44
> > ==========================
> > ~ # drill freebsd.org
> > Error: error sending query: Could not send or receive, because of network error
> > ==========================
> > ~ # echo "nameserver 8.8.8.8" > /etc/resolv.conf
> >
> > ~ # drill freebsd.org
> > ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 41634
> > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > ;; QUESTION SECTION:
> > ;; freebsd.org. IN A
> >
> > ;; ANSWER SECTION:
> > freebsd.org. 3454 IN A 96.47.72.84
> >
> > ;; AUTHORITY SECTION:
> >
> > ;; ADDITIONAL SECTION:
> >
> > ;; Query time: 45 msec
> > ;; SERVER: 8.8.8.8
> > ;; WHEN: Thu Oct 17 14:00:02 2019
> > ;; MSG SIZE rcvd: 45
> >
> > It works when I change the nameserver to 8.8.8.8. It's strange
> > because other domains work fine with local unbound, it's just the
> > FreeBSD.org.
> >
> > This is my config (generated by local-unbound-setup):
> > ~ # cat /etc/unbound/unbound.conf /etc/unbound/lan-zones.conf /etc/unbound/control.conf
> > # This file was generated by local-unbound-setup.
> > # Modifications will be overwritten.
> > server:
> >         username: unbound
> >         directory: /var/unbound
> >         chroot: /var/unbound
> >         pidfile: /var/run/local_unbound.pid
> >         auto-trust-anchor-file: /var/unbound/root.key
> >         interface: 0.0.0.0
> >         access-control: 10.8.0.0/16 allow
> >
> > include: /var/unbound/lan-zones.conf
> > include: /var/unbound/control.conf
> > # This file was generated by local-unbound-setup.
> > # Modifications will be overwritten.
> > server:
> >         # Unblock reverse lookups for LAN addresses
> >         unblock-lan-zones: yes
> >         insecure-lan-zones: yes
> > # This file was generated by local-unbound-setup.
> > # Modifications will be overwritten.
> > remote-control:
> >         control-enable: yes
> >         control-interface: /var/run/local_unbound.ctl
> >         control-use-cert: no
> --
> Robert Senger
>
