Maintained by: NLnet Labs

[Unbound-users] problems resolving some sites

W.C.A. Wijngaards
Sat Nov 27 12:32:42 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On 11/26/2010 06:49 PM, lst_hoe02 at kwsoft.de wrote:
> Zitat von FRLinux <frlinux at gmail.com>:
>> Thanks, i have set this one to no, but still fails on a normal query
>> but works if I add +cdflag. Am I missing anything else? (my
>> configuration is the one i pasted on the first mail, with the change
>> you asked for, to set harden-referral-path: no).
> 
> We use unbound 1.4.7 and it has no problem to resolv
> 
> Fact is if it resolv with +cdflag (checking disable) there is something
> wrong with DNSSEC or someone is screwing the result records.

If you set val-log-level: 2 in the config file, it will report *why* the
DNSSEC failure is happening.  It gives a single line with an error for
every query-name that fails DNSSEC.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzw7FoACgkQkDLqNwOhpPi1vQCfeIPLYX/iTt7/X28KJRFzQSRd
oT0AnjRHUOW0R/BtjbxM4RMFMAbm6VG3
=33vW
-----END PGP SIGNATURE-----