Hello list,

I'm running Fedora 21 with dnssec-trigger and unbound 1.5.1. The unbound is configured by the dnssec-trigger to forward all queries to a local-network validating resolver provided by DHCP.

With this configuration, unbound incorrectly recognizes the fedorapeople.org domain as bogus. The domain uses DLV, which I guess might cause the problem.

% kdig @::1 jvcelak.fedorapeople.org
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 54325
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; jvcelak.fedorapeople.org. IN A

;; Received 42 B
;; Time 2015-02-03 16:12:33 CET
;; From ::1@53(UDP) in 0.1 ms
; Warning: failed to query server ::1@53(UDP)

% sudo unbound-control list_forwards
. IN forward x.x.x.x

With +cd, the resolution works. And resolution via the upstream resolver x.x.x.x works as well. The upstream resolver runs BIND 9.9.6-P1.

When I disable the forwarding, the resolution starts to work again:

% sudo unbound-control forward_remove .
ok
% kdig @::1 +short jvcelak.fedorapeople.org
152.19.134.191

Is this a bug in Unbound or is my configuration incorrect?

Best regards!

Jan

_______________________________________________
Unbound-users mailing list
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
