Maintained by: NLnet Labs

[Unbound-users] DNSSEC problems

Leen Besselink
Mon Jun 11 09:23:51 CEST 2012


On Sun, Jun 10, 2012 at 04:04:18PM -0700, David Benfell wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Leen,
> 
> On 06/10/12 14:07, Leen Besselink wrote:
> > dig +norec +dnssec @193.0.14.129 . NS
> 
> It's not a Mac. It's a Linode running Arch Linux. Here is what I get
> from the above:

Sorry for confusing your discussion with the other.

That output looks fine to me.

Linode ? My Linode got 2 nameservers assigned which support validated DNSSEC just fine.

So maybe you don't even need Unbound ? Unless you distrust the network of course.

Anyway, I think Jan-Piet Mens is on the right track. Please remove the forward-zone for '.'
as a test. My guess is, it would start working.

It is always easier to test small parts first.

What is on the other side of dnscrypt ? OpenDNS ?

Well, OpenDNS does not support DNSSEC.