Maintained by: NLnet Labs

[Unbound-users] 1.3: stub zones broken

W.C.A. Wijngaards
Thu Jul 23 15:23:09 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Michael,

I've provided a bugfix in the svn repository, for the upcoming
unbound release, so that it should not longer do this.  Thanks
for the bugreport!

Best regards,
   Wouter

On 07/23/2009 11:05 AM, W.C.A. Wijngaards wrote:
> What you see here is that unbound is trying to prime the root
> servers before continuing.  Even though it has a more specific stub
> anchor, it wants to prime the root first.  If that succeeds, it
> will then send this query towards your configured stub anchor.
> 
>> This is an internal machine which does not have access to external network,
>> so none of the queries will succeed.  Especially for names like this
>> (paltus.tls.msk.ru) which does not exist externally.
> 
> So, it cannot access the root, but it still has root-hints there.
> When it starts it will attempt to prime the root.
> (Prime the root: contact the root servers to get the latest up
> to date root-hints, using the root-hints from configuration).
> 
> But your machine is internal and cannot access it, so it fails.
> Hm.  The easiest way would be to provide root-hints to 127.0.0.1
> (or better, to 192.168.2.18).  Here is how:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkpoZD0ACgkQkDLqNwOhpPgKMACgsHuHH82iKpbVsSjNOcjYr0Ay
eWkAoLUQSasM0V+dLFUJwuDaFHEu0CiM
=+IfH
-----END PGP SIGNATURE-----