Oops - a little bit to quick to hit reply. Didn't see that in your current config.
--Arni On Mar 27, 2013, at 4:33 PM, Arni Birgisson <[email protected]> wrote: > This might be because of the default local-data in unbound for RFC4193 > addresses. > > http://www.unbound.net/documentation/unbound.conf.html (ctrl-F RFC4193) > > If that is the cause, you can remove it with > local-zone: D.F.ip6.arpa. nodefault > > -- Arni > > > Arni Birgisson > Professional Services > Men & Mice > Hlidarsmari 15, IS-201, Kopavogur, Iceland > Phone: +354 412 1500 > Email: [email protected] > www.menandmice.com > > First Choice in IP Address Management > > Men & Mice Blog | Follow us on Twitter | Men & Mice on Facebook > > Disclaimer : www.menandmice.com/disclaimer > > > On Mar 27, 2013, at 4:14 PM, "Mike." <[email protected]> wrote: > >> >> My unbound config file is: >> >> ------------------------------------- >> server: >> verbosity: 1 >> >> statistics-interval: 84600 >> statistics-cumulative: yes >> extended-statistics: yes >> >> interface: 10.20.1.1 >> interface: 127.0.0.1 >> interface: fdcf:b715:2f4d:1::1 >> interface: ::1 >> >> access-control: 0.0.0.0/0 refuse >> access-control: 10.0.0.0/8 allow >> access-control: 127.0.0.1 allow >> >> access-control: ::0/0 refuse >> access-control: fdcf:b715:2f4d:1::/64 allow >> access-control: fe80::/64 allow >> access-control: ::1 allow >> access-control: ::ffff:127.0.0.1 allow >> access-control: 2001:xxxx:xxxx:1::/64 allow >> >> cache-min-ttl: 0 >> >> root-hints: "/var/unbound/etc/named.cache" >> >> # auto-trust-anchor-file: "/var/unbound/etc/root.key" >> >> domain-insecure: "241acl.lan" >> >> local-zone: "10.in-addr.arpa." nodefault >> local-zone: "d.f.ip6.arpa." nodefault >> >> >> stub-zone: >> name: "241acl.lan" >> stub-addr: fdcf:b715:2f4d:3::1 >> >> stub-zone: >> name: "10.in-addr.arpa" >> stub-addr: fdcf:b715:2f4d:3::1 >> >> stub-zone: >> name: "d.f.ip6.arpa" >> stub-addr: fdcf:b715:2f4d:3::1 >> >> >> >> remote-control: >> control-enable: yes >> control-interface: ::1 >> >> ----------------------------------------- >> >> and I am running unbound 1.4.17 on OpenBSD 5.2. >> >> >> With the config file as above, all forward and reverse DNS lookups work >> fine. However, when I uncomment the auto-trust-anchor-file, then the >> rDNS look ups for fd::/8 addresses stop working. Increasing log >> verbosity, it looks like unbound is traipsing to the root servers >> looking for a DNSSEC key and not finding one. Then the rDNS request is >> rejected, and I cannot figure out why.... >> >> I know I am missing something obvious, but I just cannot see it .... >> >> >> _______________________________________________ >> Unbound-users mailing list >> [email protected] >> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users >
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
