-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jarno,
On 06/27/2012 02:05 PM, Jarno Huuskonen wrote: > Hi, > > I'm having some problems with (unbound 1.4.17): unbound-control > set_option domain-insecure: arm.gov. Yes set_option and get_option do not work with domain-insecure, like it says on the man-page. The special code for the command stub_add, that adds a domain-insecure works, so your workaround is fine. The reason why it does not work, is that get_option and set_option are basically using the same interface as 'libunbound' setoption and getoption, however, the daemon is already running (unlike when the functions are used with libunbound) and therefore it has already been initialised. Options that are referenced at runtime work. Options that are referenced by the initialisation code fail to work, because the option value is changed but the code is not re-initialised when you run unbound-control set_option. Best regards, Wouter > If I do: unbound-control reload unbound-control set_option > domain-insecure: arm.gov. > > and then dig @127.0.0.1 ns arm.gov. > > I get validation errors (and the dig query fails with SERVFAIL): > info: validation failure <arm.gov. NS IN>: no keys have a DS with > algorithm RSASHA1-NSEC3-SHA1 from 192.101.109.47 for key arm.gov. > while building chain of trust > > But if I put: domain-insecure: "arm.gov." into unbound.conf and do > unbound-control reload and then try the query (dig @127.0.0.1 ns > arm.gov.) it works just fine (w/out validation) > > Is there something obvious that I'm missing ? (man unbound-control > set_option doesn't list domain-insecure as working ?) > > This "workaround" seems to work: unbound-control stub_add +i > arm.gov. 127.0.0.1; unbound-control \ stub_remove arm.gov. (but > unbound-control get_option domain-insecure doesn't show arm.gov. > after this "workaround"). > > -Jarno > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP6xoFAAoJEJ9vHC1+BF+NiVoP/2E+lYwNrIzxFN2QH5vlfKJA tpHXF0AIO2nm4CYdpoxvZyTfZ4BWpFOj5EHzg6AnZcg3gDpr1Xl0PmbD3W4xAgrR hLa1rNPe9y/UxaidNl/8BTj6RAuIiUwdjZsvzH2cuitt2RvUuUKQtbxSvmGX3/QR CrGBDZ2iUfdW2wAa9jDIGhnYumE10ykY0kscnQnjD3WIYacm2hZVY80tIsEt3TcX 9lOUGWSBVMa8wrOP2aYtL7mU0EAvBOEDM9ApBGwSUCU3wPhHrXLzL8FHBC5gb6ge dyedZ13n2Hz0MAKm0lc6VJ0HAbR1hA2FMqahALiCy39B/WSbSqowfaeZeyLJf2yJ RJkdjzcZH086CGs2YLMAuwyQFnoT5iH2ZAQIEX31GpbJnxRuqQZEplLSkdTzwhU0 lZOSXfINBonpx4DvdLlSfbZNjOrZu9STYx+DP2907VrtK4pw7+oC2w+GwMm1GGoI KrpLCUAIBXBT6BeY4Dp3fLgobPy9YAPzdiyKyLKiODfuoMcJlsX9cV5SiVmgtK9I KTcUAcGGqgaIevtlSQAyNiNpDSKDOS92tkeoC3uOw1/AaWZBoZqW4VXm6KQT1vj0 9Di1p1d3QBuGXr75umqSDYTCzbRg6FQ+PulvegHQ94thjhr5WW3fOdfP35m4Bmin Th14UsEwkhvrwSHjD+ht =IBuf -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
