-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi staticsafe,
THANK YOU. :) Config is updated, and Unbound service is restarted. IF/WHEN YOU ARE REPLYING, PLEASE MAKE SURE TO PLACE ONLY ONE/BELOW EMAIL ADDRESS IN THE "TO:" FIELD/Text-Box: [email protected] Please do not send any email directly to me, Thanks. - -- Bright Star. Received from staticsafe, on 2013-05-23 4:27 PM: > On Thu, May 23, 2013 at 03:21:13PM -0700, Bright Star wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> Hello, Unbound Mailing List users & experts, >> >> Please check this below configuration, and let me know, IF this is >> fit and CORRECTLY CONFIGURED to work as a complete Validating >> DNS-Server / DNS-Resolver / DNS-Client for a Windows (7) OS based >> computer (which has 2GB RAM, 1 CPU Core), where it is currently >> installed and will run, and it will also have to serve, as a >> DNS-Server, for other computers and VMs (with different OSes) in >> local LAN. >> >> (Amount of free RAM memory size is large, so not a factor). >> >> Windows DNS Client service is set onto "Manual Startup" mode, so it >> is not running, and, local network adapter/interface is configured >> to use 127.0.0.1 as it's DNS-Server, in this (Win7) computer. >> >> And LAN network adapter/interface of this (Win7) computer is also >> using fixed/static IP address 192.168.0.10. >> >> And other computer's in LAN, VMs are configured to use 192.168.0.10 >> as their's DNS-Server. >> >> Most websites/domains/zones are not yet signed with DNSSEC. I want >> this DNS-Server, still be able to send DNS query results for such >> unsigned websites to its users/clients. (DNS query answer will not >> have "AD" flag). >> >> I do NOT want this DNS-Server to completely block (or stop sending) >> DNS query results for ANY sites/zones which are not yet DNSSEC signed. >> >> Firefox will have DNSSEC Validation based addons which will be >> configured to use this DNS-Server. Firefox addons will display >> colored icon or message, when a website is visited, and icon will >> indicate if a website is signed or secured with DNSSEC yet or not. >> (DNS query answer will have "AD" flag and "NOERROR" status for >> DNSSEC signed sites/zones). >> >> There are other software which we are using, they do not have >> built-in support for doing any DNSSEC based query and cannot >> understand DNSSEC based answer, those software still need to be able >> to function (that is: sending regular DNS query, and receiving >> regular response via this DNS-Server). >> >> So IF CORRECTION is NEEDED to be done on this config, please provide >> correct + practical + real config line that can be used, please do >> not give examples, or confusing comments/response. I'm looking for >> practical configuration that will serve my purpose and work right >> now. PLEASE describe ACCURATELY for what reason why a specific real >> config line is better or should be used what you are suggesting, and >> PLEASE describe what else need to be changed, exactly. >> >> Please do not assume, i will do or i'm suppose to do something >> automatically, so pls describe & explain. >> >> WHEN YOU ARE REPLYING, PLEASE MAKE SURE TO >> PLACE ONLY ONE/BELOW EMAIL ADDRESS IN THE >> "TO:" FIELD/Text-Box: >> [email protected] >> >> Please do not send any email directly to me, Thanks. >> >> PLEASE DO NOT SEND ANY EMAIL DIRECTLY TO ME, THANKS. >> >> Thanks (again) in advance, >> - -- Bright Star (Bry8Star). >> <SNIP> > > Only one thing stood out to me as an obvious error. > > access-control: 192.168.0.10 allow > > As you said, other computers in your LAN are supposed to use this DNS > resolver. > > The access-control statement should be as follows: > > access-control: 192.168.0.0/24 allow > > Assuming /24 as your LAN subnet mask. > -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRnrUSAAoJEID2ikYfWSP69ZgQAIVCR73UJ93vr/AxMsRAryGl H0L+m6k95wBt4KV6/s/TgExRVPBgy7CpdP4ozOvh/DxmqNYHSwZm0lpryd3ySrx8 /EPBWaVWIgBIDvoLohQaEYQR7iul3+iv73IHVAPfzv47mJo4+ul9DeWxJtqrh9Eo cOw/YxWKH+F8ibv5uvXZoViz05E9y1u6MY0syzqAxNy2sVkBsO9ibsZ8pYfm5JLL m9n4iLu6oenbYgiJPAsTpGne5zwrUtwH48Ur5dcuRbf22yYsPoZwYO80n/VAgS+2 I+WbXCA5rZspqVlIk3REGPyeh3Oc8a2z2whBZ3iYyPAYxMwBbk3MwzDCz9hUYgxK gIeot4Bf72aGhMnx77fEBQIEJsqjgWGjJfGyoKwB43hybmqpFmJ3zd8qPqCGJBIs UDX1+S1cW50tMH7WrXbThAbTt3S2+vNQ0Otk2V4S2qEDeWOzoA4fCFvwJ+fr1upg Vf/v4h7yXedrabVRV8yi43Ud2jVLtq+twIvyd7FUVw/jv+FXtNZyudS+VoYYbfsL i31R8sG7ncgdECscFy+pcF0Ofvnw1yD4vSvIh7jBTMBNVKLCA+Aj2RvAfceHd+cU FqG+6HVusnc8vnYP9G07XapaYFeYcsgkDoGXYIXYjJK2d/bqTWc9sJTV5fVl/Ovj F2otzO+vCD9V7QTVDCKg =rCqD -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
