Maintained by: NLnet Labs

[Unbound-users] Problem resolving private domains

W.C.A. Wijngaards
Mon Oct 25 17:01:10 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Andreas,

On 10/25/2010 04:37 PM, lst_hoe02 at kwsoft.de wrote:
> Zitat von lst_hoe02 at kwsoft.de:
>> Sorry, forgot the first question. The "private-address:" is not set at
>> all, so Unbound should not stripe anything i guess?
> 
> May it be related to the fact that the .cz TLD is DNSSEC signed and the
> .de not? Both subdomains don't use DNSSEC until now and have no trust
> chain but that's the only difference i came up with...

Yes if your own domain is not signed, then you must give:
	domain-insecure: "domain2.cz"

So that unbound understands that there is no DS record published in .cz
for domain2.cz.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzFm7YACgkQkDLqNwOhpPhWVwCgroNO3VLii53LyoA9qKovoGnr
uIIAnifRUX2228xbx2b3WyUszCp1yeyj
=IPaq
-----END PGP SIGNATURE-----