Hi Wouter. Thanks for your explanation. For the dnssec not-enabled problem, my unbound.conf has that file enabled. Other settings (edited to save space). Currently no forward-zoned defined port: 53 \ do-ip4: yes \ do-ip6: no \ do-udp: yes \ do-tcp: yes root-hints: "/var/unbound/root.hints" hide-identity: yes \ hide-version: yes harden-dnssec-stripped: yes \ harden-short-bufsize: yes \ harden-large-queries: yes auto-trust-anchor-file: "/var/unbound/root.key" \ val-clean-additional: yes ------------------------ drill com. SOA +dnssec ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 56264 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: \ ;; +dnssec. IN SOA ;; ANSWER SECTION: ;; AUTHORITY SECTION: 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014022400 1800 900 604800 86400 -----------------------
Also, if I set "include: /var/unbound/ad_servers" in unbound.conf is breaking the server start-up for some reason. The file has parsed list from yoyo-ad-servers, in the form: local-zone: "101com.com" redirect local-data: "101com.com A 127.0.0.1" ...etc What's the correct syntax for "include"? Regards. _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
