Here is my config file, please see what is wrong:

# BEGIN of service.conf / unbound.conf file
server:
    verbosity: 3
    statistics-interval: 0
    statistics-cumulative: "no"
    extended-statistics: "no"
    num-threads: 2
    interface: 127.0.0.1
    interface: 192.168.0.10
    interface: ::1
    interface-automatic: "no"
    port: 53
    outgoing-interface: 192.168.0.10
    outgoing-range: 400
    outgoing-port-permit: 52000-56096
    outgoing-port-avoid: "22,25,26,37,53,54,55,67,68,69,80,110,123,135,137,138,139,143,443,445,465,500,587,843,990,912,993,995,1025,1863,1935,2082,2083,2096,2400,4242,4400,4421,4444,4445,4480,4500,4569,5038,5050,5060,5061,5062,5063,5064,5065,5198,5199,5200,5222,5555,5800,5801,5900,5901,6666,6667,6668,6669,7000,7001,7002,7003,7004,7005,7006,7658,7659,7660,7777,8050,8052,8054,8056,8058,8060,8080,8110,8118,8120,8123,8125,8143,8210,8225,8243,8998,9001,9022,9030,9050,9051,9052,9053,9054,9055,9056,9057,9058,9059,9060,9080,10000,15000,15001,15002,15003,15004,16001,16999,20000,20001,25000,26999,30600,31000,32000,36999,50300"
    outgoing-num-tcp: 10
    incoming-num-tcp: 10
    so-rcvbuf: 8m
    so-sndbuf: 8m
    edns-buffer-size: 4096
    msg-buffer-size: 65552
    msg-cache-size: 24m
    msg-cache-slabs: 4
    num-queries-per-thread: 200
    jostle-timeout: 200
    rrset-cache-size: 48m
    rrset-cache-slabs: 4
    cache-min-ttl: 0
    cache-max-ttl: 21600
    infra-host-ttl: 900
    infra-cache-slabs: 4
    infra-cache-numhosts: 10000
    do-ip4: "yes"
    do-ip6: "no" # for now
    do-udp: "yes"
    do-tcp: "yes"
    tcp-upstream: "no"
    do-daemonize: "yes"
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.10/24 allow
    access-control: ::1 allow
    logfile: "C:\Program Files\Unbound\unbound.log"
    use-syslog: "no"
    log-time-ascii: "yes"
    log-queries: "no"
    root-hints: "C:\Program Files\Unbound\named.cache"
    hide-identity: "yes"
    hide-version: "yes"
    identity: "DNS"
    version: "1.0.0"
    target-fetch-policy: "3 2 1 1 1 1"
    harden-short-bufsize: "no"
    harden-large-queries: "no"
    harden-glue: "yes"
    harden-dnssec-stripped: "yes"
    harden-below-nxdomain: "no"
    harden-referral-path: "no"
    use-caps-for-id: "no"
    unwanted-reply-threshold: 1000
    prefetch: "yes"
    prefetch-key: "yes"
    rrset-roundrobin: "yes"
    minimal-responses: "no"
    module-config: "validator iterator"
    dlv-anchor-file: "C:\Program Files\Unbound\dlv.isc.org.key"
    # Downloaded from http://ftp.isc.org/www/dlv/dlv.isc.org.key
    # DLV, DNS Lookaside Validation, for the root
    auto-trust-anchor-file: "C:\Program Files\Unbound\root.key"
    #trust-anchor-file: "<filename>"
    # File with trusted keys for validation. Specify more
    # than one file with several entries, one file per entry.
    # Standard DNS Zone file format, with DS, DNSKEY entries.
    #trusted-keys-file: "<filename>"
    # File with trusted keys for validation. Specify more
    # than one file with several entries, one file per entry.
    # Like trust-anchor-file, but in BIND-9 format.
    domain-insecure: "42"
    domain-insecure: "ovh"
    domain-insecure: "bit"
    domain-insecure: "ita"
    domain-insecure: "geek"
    # other TLDs that are inside other AltRootDNS
    val-bogus-ttl: 60
    val-sig-skew-max: 86400
    val-clean-additional: "yes"
    val-permissive-mode: "no"
    ignore-cd-flag: "yes"
    val-log-level: 2
    #val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
    key-cache-size: 24m
    key-cache-slabs: 4
    neg-cache-size: 4m
    local-zone: "onion." refuse # disallow via public route
    local-zone: "i2p." refuse # supposed to go via proxy route

remote-control:
    control-enable: "no"

stub-zone:
    name: "42" # http://42registry.org/
    stub-addr: 91.191.147.246 # name / DNS Srvr
    stub-addr: 91.191.147.243
    stub-addr: 79.143.244.68
    # test with "search.42"
stub-zone:
    name: "ovh" # http://ovh.co.uk/
    stub-addr: 213.251.128.133 # name / DNS Srvr
    stub-addr: 213.251.188.133
stub-zone:
    name: "bit" # http://dot-bit.org
    stub-addr: 178.32.31.41 # name / DNS Srvr
    stub-addr: 108.174.61.249
    stub-addr: 78.47.86.43
    stub-addr: 96.127.133.37
    stub-addr: 69.194.226.23
    stub-addr: 194.71.109.237
    # test with "dot-bit.bit"

# OpenNIC : http://www.opennicproject.org/ :
# TLDs: .geek, .free, .bbs, .parody, .oss,
# .indy, .fur, .ing, .micro, .dyn, .neo,
# .pirate, gopher and null.
stub-zone:
    name: "opennicproj-rtDnsSrvr-randNum01.com"
    stub-addr: 66.244.95.20 # name / DNS Srvr
    stub-addr: 74.207.247.4
    stub-addr: 216.87.84.211
    stub-addr: 66.90.81.200
    stub-addr: 94.23.246.31
    stub-addr: 95.142.171.235
    stub-addr: 82.237.169.10
    stub-addr: 202.83.95.227
    stub-addr: 58.6.115.42
    stub-prime: no
    stub-first: no
stub-zone:
    name: "geek"
    stub-host: "ns.opennicproj-rtDnsSrvr-randNum01.com"
    # test with "grep.geek"
# ... around 14 OpenNIC TLDs

# CesidianRoot : http://www.cesidianroot.net/
# Cesidian Root proper (84 TLDs), they also resolve
# other Alt Root DNS's TLDs
stub-zone: # http://www2.world-dns.net/
    name: "cesidianroot-dnsSrvr-randNum02.net"
    stub-addr: 178.254.3.55 # name/DNS server
    stub-addr: 50.77.217.162
    stub-addr: 199.193.252.198
    stub-addr: 78.47.115.194
    stub-addr: 78.47.115.197
    stub-addr: 122.155.6.181
    stub-addr: 182.163.74.213
    stub-addr: 116.90.134.19
    stub-addr: 200.58.125.62
    stub-addr: 196.41.137.142
stub-zone:
    name: "ita"
    stub-host: "ns.cesidianroot-dnsSrvr-randNum02.net"
    # test with "governo.ita"
# ... around 84 CesidianRoot TLDs

forward-zone:
    name: "."
    forward-addr: i.p.adrs.1 # AT&T ISP # Recursive/Caching
    forward-addr: i.p.adrs.2 # AT&T ISP # Recursive/Caching
# END of service.conf / unbound.conf file

I can at least (inconsistently) do ping or nslookup or dig on test sites in the 42, ovh, bit TLDs, but could not do so for test sites in TLDs like geek, ita.

Thanks for your help in advance,
Bry8Star.

On 8/22/2012 9:20 PM, Bry8 Star wrote:
> Hi,
> There are many other Root servers other than ICANN Root servers. For
> example: CesidianRoot (http://www.cesidianroot.net/), OpenNIC
> (http://www.opennicproject.org/), New Nations (New-Nations.net),
> Namecoin DNS (DotBIT project, bit DNS) (http://dot-bit.org), 42
> (http://42registry.org/), OVH (http://ovh.co.uk/), i-DNS (MultiLingual
> DNS) (i-dns.net), Public-Root (http://public-root.com), UnifiedRoot
> (unifiedroot.com), etc.
>
> How can I integrate all into one Unbound or into a central Unbound? To
> use all their TLDs, which are not found in default ICANN/IANA root servers.
>
> For example, I had to add these in unbound.conf/service.conf for '42' TLD:
>
> domain-insecure: "42"
> stub-zone:
>     name: "42"
>     stub-addr: 91.191.147.246 # 42Registry a.42tld-servers.net europe
>     stub-addr: 91.191.147.243 # 42Registry b.42tld-servers.net europe
>     stub-addr: 79.143.244.68 # 42Registry c.42tld-servers.net europe
>
> Now with the above 6 lines, I could not ping or browse the website at
> "search.42" :( but 'dig', 'nslookup' do resolve/show successfully ns,
> a, etc. records.
> I tried "dig 42. any +dnssec", but the flags do not show the 'ad' bit, only
> 'qr rd ra'. The answer does show 'SOA' with "a.42tld-servers.net.
> tech.42registry.org.", and 4 'NS' show "a/b/c/d.42tld-servers.net.".
>
> So what is/are wrong?
> If the 42 TLD supports/has DNSSEC components, then how can I use them? Or
> how to enable DNSSEC for the 42 TLD?
>
> Similar to the above, I added domain-insecure and stub-zone for the .bit TLD
> in the 'unbound.conf' / 'service.conf' file. The 'ping', 'nslookup', 'dig'
> etc. worked on the http://dot-bit.bit/ site/host/domain. :)
>
> The CesidianRoot proper, root dns server/system, has at least 84 TLDs of
> their own. And they can also resolve other TLDs from other root dns
> servers.
> I added all of them (CesidianRoot and other roots' TLDs) in this way,
> I'm showing only a few TLD examples instead of all 84 TLDs here:
>
> domain-insecure: "5wc"
> domain-insecure: "cesidio"
> domain-insecure: "linna"
> domain-insecure: "free"
> ...
> stub-zone:
>     name: "cesidianroot-dnsSrv-randNum1.net"
>     stub-addr: 178.254.3.55 # Master CesidianRoot.net Root Server
>     stub-addr: 50.77.217.162 # CesidianRoot.net North America
>     stub-addr: 199.193.252.198 # CesidianRoot.net North America
>     stub-addr: 78.47.115.194 # CesidianRoot.net Europe
>     stub-addr: 78.47.115.197 # CesidianRoot.net Europe
>     stub-addr: 122.155.6.181 # CesidianRoot.net South-East Asia
>     stub-addr: 182.163.74.213 # CesidianRoot.net South-East Asia
>     stub-addr: 116.90.134.19 # CesidianRoot.net Australia & Oceania
>     stub-addr: 200.58.125.62 # CesidianRoot.net South America
>     stub-addr: 196.41.137.142 # CesidianRoot.net Sub-Saharan Africa
> stub-zone:
>     name: "5wc"
>     stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
> stub-zone:
>     name: "cesidio"
>     stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
> stub-zone:
>     name: "linna"
>     stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
> stub-zone:
>     name: "free"
>     stub-host: "ns.cesidianroot-dnsSrv-randNum1.net"
> ...
>
> But when I tried to do ping/nslookup/dig on any TLD randomly from
> CesidianRoot, then none of the tools worked! :( :-(
>
> What is/are wrong? I used this "cesidianroot-dnsSrv-randNum1.net"
> domain-name because such does not exist in real life. Do I need to
> define/declare 'ns' & 'cesidianroot-dnsSrv-randNum1.net' which are used
> in the stub-host: "ns.cesidianroot-dnsSrv-randNum1.net" line?
>
> And please help me to have a solution, where I don't have to use those 10
> stub-addr dns servers of CesidianRoot for all of those 84 TLDs for 84
> times, then it will become at least 11 x 84 lines of code! How can I
> reduce line numbers?
>
> If CesidianRoot TLDs support/have DNSSEC components/records, then how
> can I use them or how to enable DNSSEC for CesidianRoot?
>
> CesidianRoot can also resolve TLDs authoritatively maintained by the
> New-Nations.net root system, and the i-DNS.net Root system. All of those
> TLDs are currently using 'ns.cesidianroot-dnsSrv-randNum1.net' as
> stub-host currently in the 'service.conf' / 'unbound.conf' file. Since
> CesidianRoot is not SOA / AA / DS of New-Nations.net & i-DNS.net TLDs,
> am I supposed to change the stub-host of those TLDs from
> 'ns.cesidianroot-dnsSrv-randNum1.net' into
> 'ns.new-nations-net-dnsSrv-randNum1.net' /
> 'ns.i-dns-net-dnsSrv-randNum1.net'?
>
> If I could use CesidianRoot with DNSSEC via unbound (along with the
> default ICANN provided TLDs), then I could apply a similar method/approach
> for other root dns servers, which are similar.
>
> By the way, your irc channel #unbound in irc.freenode.net is very
> inactive, and some users who did post some messages, instead of helping
> out, they question the 'question'! Or question the 'user' who is
> posting the question or asking for help! Instead of asking more about
> the problem itself, and what can be done to solve it! Very unfriendly
> attitudes. Most likely these users do not like to help others, or are
> grumpy, or busy with something else, or expecting something else from users.
>
> On the website, please add sha1, sha256 hash/checksum of the windows binary
> files, thanks.
>
> Thanks for all your help.
> ~ Bry8Star.
> _______________________________________________
> Unbound-users mailing list
> [email protected]
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
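
Added example, not part of the original post and not Unbound project code: a small Python audit for a config of the shape posted above. For each stub-zone it reports whether a domain-insecure entry covers the zone (so the DNSSEC chain of trust is ignored for it) and which other stub-zone in the same file each stub-host name falls under. The sample config is a constructed excerpt using the post's own names; audit() and the report keys are illustrative names.

```python
import re

# Constructed excerpt of the posted config (same option names and values).
SAMPLE_CONF = """
server:
    domain-insecure: "42"
    domain-insecure: "geek"
stub-zone:
    name: "42"   # http://42registry.org/
    stub-addr: 91.191.147.246
    stub-addr: 91.191.147.243
stub-zone:
    name: "opennicproj-rtDnsSrvr-randNum01.com"
    stub-addr: 66.244.95.20
stub-zone:
    name: "geek"
    stub-host: "ns.opennicproj-rtDnsSrvr-randNum01.com"
"""

def norm(value):  # unquote, lower-case, drop the trailing dot
    return value.strip().strip('"').rstrip(".").lower()

def under(name, zone):  # True if name is zone itself or a subdomain of it
    return name == zone or name.endswith("." + zone)

def audit(conf_text):
    """Per stub-zone: covered by domain-insecure? which stub-zone holds each stub-host?"""
    insecure, zones, cur = [], [], None
    for raw in conf_text.splitlines():
        m = re.match(r"\s*([a-z0-9-]+):\s*(.*)$", raw.split("#", 1)[0])
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if not val:  # clause header: server:, stub-zone:, forward-zone:, ...
            cur = {"name": "", "stub-addr": [], "stub-host": []} if key == "stub-zone" else None
            zones += [cur] if cur else []
        elif key == "domain-insecure":
            insecure.append(norm(val))
        elif cur and key == "name":
            cur["name"] = norm(val)
        elif cur and key in ("stub-addr", "stub-host"):
            cur[key].append(norm(val))
    report = {}
    for z in zones:
        # Most specific *other* stub-zone containing each stub-host name, else None.
        deps = {h: max((o["name"] for o in zones if o is not z and under(h, o["name"])),
                       key=len, default=None) for h in z["stub-host"]}
        report[z["name"]] = {"validation_off": any(under(z["name"], d) for d in insecure),
                             "stub_addrs": len(z["stub-addr"]), "host_deps": deps}
    return report
```

Run it as `audit(open("service.conf").read())`; a stub-host whose dependency is `None` is resolved through the normal path (here the forward-zone) before the stub can be used.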
