Maintained by: NLnet Labs

[Unbound-users] tcp and dnssec question

shmick at riseup.net
Mon Jun 3 17:17:11 CEST 2013


hi list,

i have unbound configured as follows:

Version 1.4.20
linked libs: libevent 2.0.21-stable (it uses epoll), ldns 1.6.16,
OpenSSL 1.0.1e 11 Feb 2013
linked modules: validator iterator
configured for i686-pc-linux-gnu on Fri May 31 00:02:11 EST 2013 with
options: '--with-pthreads' '--with-ldns' '--with-ssl' '--with-libevent'

validator-iterator yes as well


do-udp: "yes"
do-tcp: "yes"
tcp-upstream: "no"

when i conduct tests from Berkeley Uni's dns unit:

netalyzr.icsi.berkeley.edu

i get the following errors:


1. Your DNS resolver may have significant transport-problems with the
upcoming DNSSEC deployments. The resolver is incapable of falling back
to TCP.

2. Your resolver is incapable of using TCP to process requests when necessary.

any help on remediating these would be appreciated.

if somebody could try the test and see the interesting results with the
same tcp config as i have it would be interesting to see if it's a
repeatable result to isolate...
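
A local check related to the TCP question above, as an added example that is not part of the original post: it sends a DNSSEC-enabled DNSKEY query for the root to a resolver over UDP with a 512-byte buffer, reports whether the answer has the TC (truncated) bit set, then repeats the query over TCP. The resolver address 127.0.0.1, IPv4 and port 53 are assumptions, and it exercises only the path between this client and the resolver.

```python
import socket
import struct
import sys

TC_BIT = 0x0200  # "truncated" flag in the DNS header: the client should retry over TCP


def build_query(name, qtype=48, qid=0x1234, udp_size=4096):
    """DNS query with an EDNS0 OPT record and the DO bit set (qtype 48 = DNSKEY)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = [l for l in name.strip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000, 0)  # TTL field carries DO
    return header + qname + struct.pack("!HH", qtype, 1) + opt


def is_truncated(msg):
    """True when the response header has TC set."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_BIT)


def tcp_frame(msg):
    """DNS over TCP prefixes each message with its length as two bytes."""
    return struct.pack("!H", len(msg)) + msg


def query(server, msg, tcp, port=53, timeout=3.0):
    """Send msg over UDP or TCP and return the raw response message."""
    if not tcp:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(msg, (server, port))
            return s.recvfrom(65535)[0]
    with socket.create_connection((server, port), timeout) as s:
        s.sendall(tcp_frame(msg))
        buf = b""
        while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
            chunk = s.recv(65535)
            if not chunk:
                raise ConnectionError("server closed the TCP connection early")
            buf += chunk
        return buf[2:2 + struct.unpack("!H", buf[:2])[0]]


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed resolver address
    q = build_query(".", udp_size=512)  # small buffer so a DNSKEY answer should not fit in UDP
    print("UDP answer truncated:", is_truncated(query(server, q, tcp=False)))
    print("TCP answer bytes:", len(query(server, q, tcp=True)))
```

A timeout or connection error on the TCP step, while the UDP step answers, points at TCP to the resolver being blocked or disabled.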