Maintained by: NLnet Labs

[Unbound-users] Servers for local zones that are not signed

W.C.A. Wijngaards
Fri Jul 6 14:45:22 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Eugene,

On 07/06/2012 02:25 PM, Eugene Crosser wrote:
> On 07/06/2012 03:33 PM, Jan-Piet Mens wrote:
>>> So unbound asks dnsmasq for the address of "myhost.lan" as it
>>> is instructed by forward-zone, gets correct result (!), but
>>> then marks it bogus because it cannot establish trust chain.
>> 
>> You'll need
>> 
>> private-domain: "lan." domain-insecure: "lan."
> 
> Wow, that was fast! After also adding "do-not-query-localhost: no"
> (and 'local-zone: "168.192.in-addr.arpa" nodefault' for the reverse
> zone) it all worked!
> 
> Thanks a lot!
> 
> Any chance to make these sort of tricks more apparent in the
> documentation?

Where in the documentation have you been looking, i.e. does it make
sense to add some text to help out?

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP9t3iAAoJEJ9vHC1+BF+N968P+wcvL6ItGXtzuu5LU9uzsII0
wIcFUcl36oQ4ktrQBma5eETYQq8shYbhkFXdtBStMxQ+E5zryNnYkTVj1/r6vxtw
3gaeGF8wmWjIRuQ8yG1oZHKzOogjxJxym8cr7vvRedCFjWY3AlTIgBO/7LKqWdKT
ADBAEahG4dHHmo48oDBNusyrCJLL2JGtQt/cP5lM76MevMZnzieCxJPelsrA0f8W
xCHxfdZ1pd4JUI7PrjEKyzkyo2ZUep0tbL7tEJ9yvrlhuqTwEruLgmVGSXh6v09H
NRddmAXuXEbvH8OvPF/hGANuZq8AbNaQ5S8N8xJHCbbzioEaz0HpYJODObI0Mcci
26KX/Xrz8O0MvytYsM8aizJEZhTktKh71DSvDRPow5rptBnacVTNXlhlmp4yolTj
4Zmpk7b6qVu9bA8bc5Vde78kI+Gh/3SSWUm2pUVE0vsRJ+7U2XiCZmpVHAfYyCeO
Kuwr+/ev1533s1HewxUm1AFV89l2JH8Xjotzox+rkI5GqKFYO3uKElCU/4ldcIXf
IZgPsAGVY7eln7GyMh3wC74pc5CxBlxrEKK9GTcKa5Cg6zYHhi33k/SNqLK0p9QN
rR0JJr8WjouW4N5PD4mGBS3t3/W6GW4K+ncaQBaeH3OaMgYy+m47+dJVl1JkOaoh
K/KdyRE/h2/HqoJgzZ46
=P8pf
-----END PGP SIGNATURE-----