> If you do dnssec validation, set the val-log-level: 2 in unbound.conf. > Then it prints detailed errors about what goes wrong (and reload or > restart unbound).
Excellent. For the time being I disabled dnssec validation and I get: # dig @127.0.0.1 -t mx bk.bund.de ; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 -t mx bk.bund.de ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13543 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 8 ;; QUESTION SECTION: ;bk.bund.de.INMX ;; ANSWER SECTION: bk.bund.de. 12583 IN MX 10 mx2.bund.de. bk.bund.de. 12583 IN MX 10 mx1.bund.de. ... > You can get diagnostics out of unbound-control. With lookup bund.de > and dump_infra | grep <ip of bund.de nameservers that you saw in lookup> > > If it still fails, increase the verbosity level to gain more information. I'll play around a bit now. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin [email protected] Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
