On Tue, Jun 21, 2016 at 11:34:19PM +0200, A. Schulze via Unbound-users wrote: > > > Am 21.06.2016 um 19:23 schrieb Daisuke HIGASHI via Unbound-users: > > I guess that your unbound resolver is set to do DNSSEC validation.
I do not think so. My conf file has this sample snippet: # Uncomment to enable DNSSEC validation. # #auto-trust-anchor-file: "/var/unbound/db/root.key" I've not uncommented the above. Additionally, I've not run the command to generate /var/unbound/db/root.key (it does not exist on my system). I have a pretty basic setup. It's not exposed to internet traffic. Full anonimized and condensed conf below. - Tor -------------------------------- server: interface: 127.0.0.1 interface: 10.1.0.1 interface: 10.2.0.1 do-ip6: no max-udp-size: 1024 access-control: 0.0.0.0/0 allow_snoop hide-identity: yes hide-version: yes use-caps-for-id: yes do-not-query-localhost: no rrset-roundrobin: yes minimal-responses: yes outgoing-port-avoid:3128 outgoing-port-avoid:6881-6999 local-zone: "10.in-addr.arpa." nodefault remote-control: control-enable: yes control-use-cert: no control-interface: /var/run/unbound.sock stub-zone: name: "10.in-addr.arpa." stub-addr: 127.0.0.1@54 stub-zone: name: "dom1.net." stub-addr: 127.0.0.1@54 stub-zone: name: "dom2.com." stub-addr: 127.0.0.1@54
