Maintained by: NLnet Labs

[Unbound-users] What is needed for dnssec?

Marcel van Beurden
Tue Feb 14 01:46:32 CET 2012

Hi all,

I'm new to Unbound and DNSSEC. I'm using it on my home network to serve up
my local hostnames, provide me with DNSSEC and IPv6 support.

My 1st question is a general DNSSEC question. What do I need to have on my
desktop pc to have Firefox with the DNSSEC Validator addon to validate
DNSSEC-enabled websites? I have installed Unbound on my server (Debian 6.0)
and have my desktop pc (Ubuntu 11.10) use my server as DNS-server. This
does not seem to work. So I also installed Unbound on my desktop, and then
it seems to work. Is this how it's supposed to work?

My 2nd question is related to the 1st one. I have defined some local-data
in my unbound.conf on my server for the hostnames in my local LAN. This was
working for on both my server and desktop when I has Unbound only on the
server. When I installed it also on my desktop, Unbound on my desktop
obviously resolved everything and my local hostnames were not found. Then I
tried creating a forward-zone on my desktop pointed all queries to my
server. This too does not work for my local hostnames. How do I set this
up? Of course I only want to define my hostnames only ones...