Maintained by: NLnet Labs

[Unbound-users] Servers for local zones that are not signed

Eugene Crosser
Fri Jul 6 14:25:39 CEST 2012


On 07/06/2012 03:33 PM, Jan-Piet Mens wrote:
>> So unbound asks dnsmasq for the address
>> of "myhost.lan" as it is instructed by forward-zone, gets correct result (!),
>> but then marks it bogus because it cannot establish a trust chain.
> 
> You'll need
> 
>         private-domain: "lan."
>         domain-insecure: "lan."

Wow, that was fast!
After also adding "do-not-query-localhost: no" (and 'local-zone:
"168.192.in-addr.arpa" nodefault' for the reverse zone) it all worked!

Thanks a lot!

Any chance to make these sorts of tricks more apparent in the documentation?

Eugene
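
Added example, not part of the original message and not Unbound's own code: a small Python check that reads an unbound.conf and lists which of the four settings named in this thread are still missing for its forward-zone clauses. It assumes every forward-zone names an unsigned private zone; the sample config and the forwarder address 127.0.0.1@5353 are constructed.

```python
import ipaddress

# Constructed sample config. The forwarder address 127.0.0.1@5353 is an
# assumption; the thread does not say where dnsmasq listens.
SAMPLE_CONF = """
server:
    private-domain: "lan."
forward-zone:
    name: "lan."
    forward-addr: 127.0.0.1@5353
forward-zone:
    name: "168.192.in-addr.arpa."
    forward-addr: 127.0.0.1@5353
"""

def parse(conf):
    # Returns (server options, list of forward-zones); each maps key -> [values].
    server, zones, section = {}, [], None
    for raw in conf.splitlines():
        key, sep, val = (s.strip() for s in raw.split("#", 1)[0].partition(":"))
        if sep and not val:                  # clause header, e.g. "server:"
            section = {"server": server, "forward-zone": {}}.get(key)
            if key == "forward-zone":
                zones.append(section)
        elif sep and section is not None:    # option line inside a known clause
            section.setdefault(key, []).append(val)
    return server, zones

def norm(name):
    return name.strip('"').lower().rstrip(".")

def missing_settings(conf):
    # Lists the server: lines from the thread that the config still lacks.
    server, zones = parse(conf)
    have = lambda key: {norm(v) for v in server.get(key, [])}
    nodefault = {norm(v.split()[0]) for v in server.get("local-zone", [])
                 if v.split()[-1] == "nodefault"}
    need, loopback = [], False
    for zone in zones:
        name = norm(zone["name"][0])
        if not name.endswith("in-addr.arpa"):    # unsigned forward zone
            need += [f'{k}: "{name}."' for k in ("private-domain", "domain-insecure")
                     if name not in have(k)]
        elif name not in nodefault:              # reverse zone with built-in default
            need.append(f'local-zone: "{name}." nodefault')
        loopback |= any(ipaddress.ip_address(a.split("@")[0]).is_loopback
                        for a in zone.get("forward-addr", []))
    if loopback and server.get("do-not-query-localhost") != ["no"]:
        need.append("do-not-query-localhost: no")
    return need
```

domain-insecure turns off DNSSEC validation for everything under the named domain, so it is best kept scoped to the private zone itself.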
