My unbound config file is:
-------------------------------------
server:
verbosity: 1
statistics-interval: 84600
statistics-cumulative: yes
extended-statistics: yes
interface: 10.20.1.1
interface: 127.0.0.1
interface: fdcf:b715:2f4d:1::1
interface: ::1
access-control: 0.0.0.0/0 refuse
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.1 allow
access-control: ::0/0 refuse
access-control: fdcf:b715:2f4d:1::/64 allow
access-control: fe80::/64 allow
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
access-control: 2001:xxxx:xxxx:1::/64 allow
cache-min-ttl: 0
root-hints: "/var/unbound/etc/named.cache"
# auto-trust-anchor-file: "/var/unbound/etc/root.key"
domain-insecure: "241acl.lan"
local-zone: "10.in-addr.arpa." nodefault
local-zone: "d.f.ip6.arpa." nodefault
stub-zone:
name: "241acl.lan"
stub-addr: fdcf:b715:2f4d:3::1
stub-zone:
name: "10.in-addr.arpa"
stub-addr: fdcf:b715:2f4d:3::1
stub-zone:
name: "d.f.ip6.arpa"
stub-addr: fdcf:b715:2f4d:3::1
remote-control:
control-enable: yes
control-interface: ::1
-----------------------------------------
and I am running unbound 1.4.17 on OpenBSD 5.2.
With the config file as above, all forward and reverse DNS lookups work
fine. However, when I uncomment the auto-trust-anchor-file, then the
rDNS look ups for fd::/8 addresses stop working. Increasing log
verbosity, it looks like unbound is traipsing to the root servers
looking for a DNSSEC key and not finding one. Then the rDNS request is
rejected, and I cannot figure out why....
I know I am missing something obvious, but I just cannot see it ....
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
