Maintained by: NLnet Labs

[Unbound-users] Forward Zones and .local

Leen Besselink
Wed Oct 12 15:35:24 CEST 2011


On Wed, Oct 12, 2011 at 02:24:04PM +0100, Ian Mordey wrote:
> I fixed this by adding:
> domain-insercure: "Allurian.local"
> to the config..
> 
> I appear to have another problem now:
> Oct 12 14:20:28 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. A IN
> Oct 12 14:20:28 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. AAAA IN
> Oct 12 14:21:46 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. A IN
> 
> Is this a valid error? It seems strange that a site for testing dnssec doesn't work!
> 
> If I test using http://dnssectest.sidn.nl/test.php I get a nice green tick..
> 

Seems your not the only one having problems with that domain:

http://dnssec-debugger.verisignlabs.com/test.dnssec-or-not.net
http://dnsviz.net/d/test.dnssec-or-not.net/dnssec/?rr=all&doe=on

> Cheers
> Ian
> 
> 
> From: unbound-users-bounces at NLnetLabs.nl [mailto:unbound-users-bounces at NLnetLabs.nl] On Behalf Of Ian Mordey
> Sent: 12 October 2011 12:58
> To: unbound-users at unbound.net
> Subject: [Unbound-users] Forward Zones and .local
> 
> Hi there
> I have some .local domains I need unbound to pass off to internal Active Directory DNS servers. For example:
> forward-zone:
>         name: "allurian.local"
>         forward-addr:   10.150.0.32
>         forward-addr:   10.150.0.33
> 
> However when I try to dig from my laptop Unbound gives me a servfail..
> 
> ; <<>> DiG 9.8.1 <<>> aaa01.allurian.local
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55546
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;aaa01.allurian.local.                       IN           A
> 
> ;; Query time: 3 msec
> ;; SERVER: 10.150.0.50#53(10.150.0.50)
> ;; WHEN: Wed Oct 12 12:57:48 2011
> ;; MSG SIZE  rcvd: 38
> 
> Have I missed a config option somewhere?
> 
> Thanks
> Ian

> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users