Zitat von Paul Taylor <[email protected]>:
Since most people using Unbound are probably using it for the DNSSEC capability, perhaps my configuration has to do with the issue I'm having recovering? In my environment, Unbound isn't configured to go direct, but rather forward to various DNS servers. I have about 10-12 domains (mostly CDNs) that I'm forwarding to my ISP's DNS servers so I get DNS replies directing me to close servers. Theoretically, this should help me have a better experience with Netflix at home. After the forwarder definitions for all the CDNs, I have a forwarder defined for "." to send everything else to OpenDNS. This is to help keep my family from getting to websites I don't want little eyes to run across. Is it possible that with this type of config that it might cause Unbound to recover differently?
This reminds me of the issues we have when using Unbound with DNSSEC validation *and* using a forwarder. For some time it was Unbound using Bind 9.7.4 as parent but it also happend with a second Unbound instance as parent that Unbound stop resolving any names, because of some obscure validation failure. We have "solved" the problem by setting the internal Unbound to not validate and let the forwarder do the DNSSEC work.
Regards Andreas _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
