On 2014-12-08 07:41, Jeroen Massar wrote: > On 2014-12-07 20:52, martin f krafft wrote: > [..] >> I fI remove the auto-trust-anchor-file config directive, it works, >> so it seems this is DNSSEC-related (none of my zones are signed >> yet). Can someone enlighten me and help em understand what's going >> on? > > As the root does not know your custom zone, that custom zone is not > properly signed and voila ;) > > Maybe what you want to do is use the 'search domain' option to point it > to the non-local edition; or .... disable dnssec (possibly selectively)
As per: http://utcc.utoronto.ca/~cks/space/blog/linux/UnboundDNSforVPN 8<--------- # Don't try to do DNSSEC for these domain-insecure: gern ---------->8 Should do the trick for you :) Greets, Jeroen _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
