-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Ondřej Surý wrote: > 2009/3/16 Cédric Girard <girard.cedric at gmail.com>: >> 2009/3/16 Ondřej Surý <ondrej at sury.org> >>> Hi Cédric, >> Hi, >>> does 192.168.2.2 serve . zone? >> >> No it does not. But (I'll double check) I'm not sure Unbound try to contact >> the authoritative server. > > According to the logfile Unbound is trying to prime root servers. And you > specified servers for . in your db.root file and not servers for test, so you > need to have full delegation path from '.' to your test zone. > >> Also it was working fine with BIND. Do they have a different behavior on >> that point ? > > It's very much possible. Yes, that is correct. It seems like BIND is using the safety belt (RFC1034) when priming fails, where unbound gives up when root priming fails. I think what you want is a stub-zone setup; here you can avoid your priming trouble: stub-zone: name: "." stub-addr: 192.168.2.2 stub-prime: no This is basically the same as the root-hints you have, but the stub-prime: no setting makes it skip the priming step that is failing now. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm/WcgACgkQkDLqNwOhpPgrzQCcDW0ZnKmDAab2JBDtPBZNNCEx rNAAn0mvCNatMpSI3r2PCWuUQzmuasnt =KlBs -----END PGP SIGNATURE-----