Maintained by: NLnet Labs

[Unbound-users] "Tunnel" dnssec through local forward-zone?

Paul Wouters
Mon Jul 25 22:05:26 CEST 2011


On Mon, 25 Jul 2011, Paul Wouters wrote:

>> Now I'm trying to get dnssec working but I've run into some problems.
>
> Why are you doing this? unbound can do queries using just tcp per default, so you
> do not need to use ttdnsd. I assume you're trying to proxy dns to an anonymiser
> network like tor?
>
> Try this unbound patch, and set unbound to use tcp only in unbound.conf using
> do-udp:no and do-tcp:yes.

That should be do-udp:yes. The patch disabled the activation of udp for outgoing
queries but the do-udp:yes allows udp for incoming (localhost) queries.

Paul

> I've sent this to the tor people before, but they haven't gotten back to me
> with test results. If we have positive results, we might be able to convince
> Wouter to make the below patch a runtime option.
>
> Index: daemon/worker.c
> ===================================================================
> - --- daemon/worker.c   (revision 2279)
> +++ daemon/worker.c     (working copy)
> @@ -1090,7 +1090,7 @@
>                worker->daemon->env->infra_cache, worker->rndstate,
>                cfg->use_caps_bits_for_id, worker->ports, worker->numports,
>                cfg->unwanted_threshold, &worker_alloc_cleanup, worker,
> - -             cfg->do_udp);
> +               0);
>        if(!worker->back) {
>                log_err("could not create outgoing sockets");
>                worker_delete(worker);
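
Review bot: The literal `0` passed as the last argument in place of `cfg->do_udp` turns off outgoing UDP unconditionally at build time, so the `do-udp` setting no longer reflects what the worker does for upstream queries, and the behaviour cannot be switched off without rebuilding. Rather than hardcoding the value, add a separate boolean to the config struct for outgoing UDP and pass it here; that keeps `do-udp` governing both directions by default and makes TCP-only upstream a runtime choice. If the constant stays for testing, a comment on the `0);` line stating that it forces TCP-only outgoing queries would help, since the argument's meaning is not evident at the call site.
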
>
>
> Paul
>