Zitat von FRLinux <[email protected]>:
Hello,
I am trying to understand a problem on resolving a small fraction of
sites from unbound. The server is a Debian Squeeze running behind a
Firewall. 53/tcp, icmp and full udp are open on the box to the
outside. Unbound is stock Debian (1.4.6-1). When i try to resolve this
host for instance, it fails: ice.grid.kiae.ru whereas bind works.
Here is my configuration, I would be grateful if someone could point
me to the problem:
server:
verbosity: 1
num-threads: 2
interface: 0.0.0.0
interface: ::0
interface-automatic: yes
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
access-control: xxxxxxx allow (where xxxx is our public range)
access-control: 0.0.0.0/0 refuse
access-control: ::0/0 refuse
chroot: ""
username: "unbound"
directory: "/etc/unbound"
logfile: "/var/log/unbound/unbound.log"
pidfile: "/var/run/unbound.pid"
root-hints: "/etc/unbound/named.cache"
harden-glue: yes
harden-dnssec-stripped: yes
harden-referral-path: yes
This is a non default and labeled as experimental in the docu. It
works fine here with the default (no), maybe try to set it back to the
default.
You could also try "+cdflag" to see if the non-result is related to DNSSEC.
BTW: Why do you not use the "auto-trust-anchor-file" setting as the
root-zone is now signed?
Regards
Andreas
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
