Quote from "W.C.A. Wijngaards" <[email protected]>:

Hi Andreas,

On 10/25/2010 04:37 PM, [email protected] wrote:
Quote from [email protected]:
Sorry, forgot the first question. The "private-address:" is not set at
all, so Unbound should not strip anything, I guess?

May it be related to the fact that the .cz TLD is DNSSEC signed and the
.de not? Both subdomains don't use DNSSEC until now and have no trust
chain but that's the only difference I came up with...

Yes, if your own domain is not signed, then you must give:
        domain-insecure: "domain2.cz"

So that unbound understands that there is no DS record published in .cz
for domain2.cz.

Okay, with "domain-insecure: domain2.cz" it works. But it strikes me as odd why the internal.domain2.cz is different from Unbound's point of view than any other .cz domain? After all, Unbound does forward all queries anyway to the upstream Bind. I guess it is best to list all private domains also as insecure domains in case the TLDs will be signed some day.

Many Thanks

Andreas


_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
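
Added example (not part of the original thread, and not Unbound project code): a small check that every private zone is covered by a "domain-insecure:" entry in unbound.conf, following the suggestion above to list all private domains as insecure. The sample configuration, the forwarder address 192.0.2.53 and the name internal.example.de are constructed placeholders.

```python
import re

# Constructed sample unbound.conf; the forwarder address is a placeholder.
SAMPLE_CONF = '''
server:
    domain-insecure: "domain2.cz"   # the entry given in the thread
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
'''

# Private zones to audit; internal.example.de is a placeholder name.
PRIVATE_ZONES = ["internal.domain2.cz", "internal.example.de"]


def insecure_domains(conf_text):
    """Collect the names from domain-insecure: lines (lowercase, no trailing dot)."""
    names = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop unbound.conf comments
        m = re.match(r'domain-insecure:\s*"?([^"\s]+)"?\s*$', line)
        if m:
            names.add(m.group(1).lower().rstrip("."))
    return names


def _labels(name):
    name = name.lower().rstrip(".")
    return name.split(".") if name else []


def is_covered(zone, insecure):
    """True if zone equals an entry or lies below it, compared label by label."""
    z = _labels(zone)
    for entry in insecure:
        e = _labels(entry)
        if len(e) <= len(z) and z[len(z) - len(e):] == e:
            return True
    return False


def uncovered_zones(conf_text, zones):
    """Return the private zones that no domain-insecure entry covers."""
    insecure = insecure_domains(conf_text)
    return [z for z in zones if not is_covered(z, insecure)]


if __name__ == "__main__":
    for zone in uncovered_zones(SAMPLE_CONF, PRIVATE_ZONES):
        print("no domain-insecure entry covers", zone)
```
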
