Quoting Ralf Hildebrandt <[email protected]>:
If you do dnssec validation, set the val-log-level: 2 in unbound.conf.
Then it prints detailed errors about what goes wrong (and reload or
restart unbound).
Excellent. For the time being I disabled dnssec validation and I get:
# dig @127.0.0.1 -t mx bk.bund.de
; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 -t mx bk.bund.de
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13543
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 8
;; QUESTION SECTION:
;bk.bund.de. IN MX
;; ANSWER SECTION:
bk.bund.de. 12583 IN MX 10 mx2.bund.de.
bk.bund.de. 12583 IN MX 10 mx1.bund.de.
...
As said, have a look if you have problems with DNS reply sizes
> 512 bytes. The DNSSEC-enabled answer for bk.bund.de is ~2000 bytes,
which might get you in trouble with firewalls and other "smart"
traffic filters.
Regards
Andreas
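
Added example, not part of the original thread: a small probe for the reply-size problem described above. It sends the same MX query over UDP with the DNSSEC OK bit set and different advertised EDNS0 buffer sizes, then reports whether the reply arrived, was truncated, or never came back. The function names, the buffer sizes tried and the server address `192.0.2.53` (a documentation placeholder to replace with a server on the far side of the suspect filter) are assumptions made for this example.

```python
import socket
import struct

def build_query(name, qtype=15, bufsize=4096, dnssec=True, qid=0x1234):
    """Build a DNS query carrying an EDNS0 OPT record (qtype 15 = MX)."""
    # Header: id, flags (RD set), 1 question, 0 answer, 0 authority, 1 additional
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = advertised UDP payload size,
    # TTL = ext-rcode 0, version 0, flags (DO bit = 0x8000), RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000 if dnssec else 0, 0)
    return header + question + opt

def classify(reply):
    """Summarise a raw UDP reply, or None if nothing came back."""
    if reply is None:
        return "timeout: reply possibly dropped in transit"
    _, flags = struct.unpack("!HH", reply[:4])
    if flags & 0x0200:  # TC bit
        return "truncated (TC set): retry over TCP needed"
    size = len(reply)
    note = " (exceeds classic 512-byte limit)" if size > 512 else ""
    return f"ok: {size} bytes{note}"

def probe(server, name, bufsize, timeout=3.0):
    """Send one query over UDP and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, bufsize=bufsize), (server, 53))
        try:
            reply, _ = s.recvfrom(65535)
        except socket.timeout:
            reply = None
    return classify(reply)

if __name__ == "__main__":
    SERVER = "192.0.2.53"  # placeholder address, replace before running
    for size in (512, 1232, 4096):  # sizes chosen for this example
        print(size, probe(SERVER, "bk.bund.de", size))
```

A small buffer size that yields a truncated reply while a large one times out points at a filter dropping large or fragmented UDP replies rather than at the zone's signatures.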