Maintained by: NLnet Labs

[Unbound-users] dnssec via forwarder

Andreas Schulze
Thu Dec 2 12:15:37 CET 2010


Hello,

I have a remote system as resolver using unbound-1.4.7.
On my local system I configured unbound-1.4.7 also as forwarder to the remote system.

--- snip
forward-zone:
        name: "."
	# 192.0.2.53 is the remote resolver
        forward-addr: 192.0.2.53
--- snap

Resolving at all works fine.

On my local system I have the The DNSSEC Validator Plugin from dnssec-validator.cz
installed. If I configure this Plugin to use the remote server as Resolver
then the Plugin shows me a green label in Firefox for dnssec-validator.cz.

If I configure the Plugin to use the local Resolver, the Validatorplugin shows me
a yellow label saying "The domain name is secured with DNSSEC technology,
 but the DNS server resolver used cannot verify the signature validity." 

I'm unsure, if this is an Error in the Plugin or I have misconfigured
my forwarding unbound.

any hints ?

Thanks
Andreas

-- 
Andreas Schulze
Internetdienste | P532

DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen