Maintained by: NLnet Labs

[Unbound-users] atac.fr DNS problem

Gareth Hopkins
Wed Aug 26 17:26:13 CEST 2009


On Wed, Aug 26, 2009 at 2:47 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr>wrote:

> On Mon, Aug 17, 2009 at 02:43:46PM +0000,
>  Florian Weimer <fweimer at bfk.de> wrote
>  a message of 18 lines which said:
>
> > Please post full trace output, e.g. the result of "dig www.atac.fr
> > +trace +all +norecurse" if you still can reproduce the issue.
>
> Interesting, this set of options do not work with an Unbound resolver:
>
> % dig www.atac.fr +trace +all +norecurse
>
> ; <<>> DiG 9.5.1-P3 <<>> www.atac.fr +trace +all +norecurse
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1483
> ;; flags: qr; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Wed Aug 26 14:45:27 2009
> ;; MSG SIZE  rcvd: 12


Hi Stephane,

You need to add 'allow_snoop' to your access-control statement in
unbound.conf

Example

access-control: 0.0.0.0/0 allow_snoop

Cheers,

Gareth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20090826/75d19005/attachment.htm>