Maintained by: NLnet Labs

[Unbound-users] "Tunnel" dnssec through local forward-zone?

Leen Besselink
Wed Jul 27 00:18:43 CEST 2011


On 07/26/2011 06:11 PM, Paul Wouters wrote:
> On Tue, 26 Jul 2011, Leen Besselink wrote:
>
>> Are you sure 8.8.8.8 supports DNSSEC? Because then I would have
>> expected this to work:
>>
>> $ cat /etc/resolv.conf
>> nameserver 8.8.8.8
>> $ ./unbound-host -h | grep Version # with ldns-1.6.10 and only one configure option: --disable-gost
>> Version 1.4.12
>
> note unbound-host uses configuration from /etc/unbound/unbound.conf
> and not the system resolver.
>

That is why I had used the -r as an argument to the unbound-host command.

> You're right, google does not yet fully support all DNSSEC records. It
> does support returning RRSIGs and DNSKEYs but it does not seem to
> support DS records yet.
>

I guess it doesn't know it needs to talk to the nameservers of the
parent zone to get the DS?

> Paul