Maintained by: NLnet Labs

[Unbound-users] rDNS for fd::/8

Mike.
Wed Mar 27 17:14:57 CET 2013


My unbound config file is:

-------------------------------------
server:
	verbosity: 1

	statistics-interval: 84600
	statistics-cumulative: yes
	extended-statistics: yes

	interface:	10.20.1.1
	interface:	127.0.0.1
	interface:	fdcf:b715:2f4d:1::1
	interface:	::1

	access-control: 0.0.0.0/0		refuse
	access-control:	10.0.0.0/8		allow
	access-control: 127.0.0.1		allow

	access-control: ::0/0			refuse
	access-control: fdcf:b715:2f4d:1::/64	allow
	access-control: fe80::/64		allow
	access-control: ::1			allow
	access-control:	::ffff:127.0.0.1	allow
	access-control: 2001:xxxx:xxxx:1::/64	allow

	cache-min-ttl: 	0

	root-hints: "/var/unbound/etc/named.cache"

#	auto-trust-anchor-file:	"/var/unbound/etc/root.key"

	domain-insecure:	"241acl.lan"

	local-zone: "10.in-addr.arpa." nodefault
	local-zone: "d.f.ip6.arpa." nodefault


stub-zone:
	name: "241acl.lan"
	stub-addr: fdcf:b715:2f4d:3::1

stub-zone:
	name: "10.in-addr.arpa"
	stub-addr: fdcf:b715:2f4d:3::1

stub-zone:
	name: "d.f.ip6.arpa"
	stub-addr: fdcf:b715:2f4d:3::1



remote-control:
	control-enable: 	yes
	control-interface:	::1

-----------------------------------------

and I am running unbound 1.4.17 on OpenBSD 5.2.


With the config file as above, all forward and reverse DNS lookups work
fine. However, when I uncomment the auto-trust-anchor-file, then the
rDNS lookups for fd::/8 addresses stop working. Increasing log
verbosity, it looks like unbound is traipsing to the root servers
looking for a DNSSEC key and not finding one. Then the rDNS request is
rejected, and I cannot figure out why...

I know I am missing something obvious, but I just cannot see it...
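
Added example, not part of the original post and not NLnet Labs code: a small lint for the situation described above. unbound.conf(5) notes that a private zone served through a stub may need a domain-insecure entry once a trust anchor is configured; the function name stubs_without_insecure and the trimmed sample configuration are constructed for illustration, and the check assumes every stub zone is an unsigned local zone, so a flagged zone is a candidate to review rather than a confirmed failure.

```python
import re

# Constructed sample: the relevant lines of the configuration in the post.
SAMPLE_CONF = """
server:
    # auto-trust-anchor-file: "/var/unbound/etc/root.key"
    domain-insecure: "241acl.lan"
    local-zone: "10.in-addr.arpa." nodefault
    local-zone: "d.f.ip6.arpa." nodefault
stub-zone:
    name: "241acl.lan"
stub-zone:
    name: "10.in-addr.arpa"
stub-zone:
    name: "d.f.ip6.arpa"
"""

# unbound.conf options that configure a trust anchor and so turn validation on.
ANCHOR_OPTS = {"auto-trust-anchor-file", "trust-anchor-file",
               "trust-anchor", "trusted-keys-file"}

def labels(name):
    """Lower-cased DNS labels of a name, ignoring the trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def covered(zone, parents):
    """True if zone equals, or is a subdomain of, any name in parents."""
    z = labels(zone)
    return any(len(p) <= len(z) and z[len(z) - len(p):] == p
               for p in map(labels, parents))

def stubs_without_insecure(conf_text):
    """Hypothetical lint: stub zones lacking domain-insecure while validating."""
    clause, validating, insecure, stubs = None, False, [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (no '#' in values here)
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if not value:
            clause = key                      # "server:", "stub-zone:", ...
        elif clause == "server" and key in ANCHOR_OPTS:
            validating = True
        elif clause == "server" and key == "domain-insecure":
            insecure.append(value)
        elif clause == "stub-zone" and key == "name":
            stubs.append(value)
    if not validating:
        return []
    return [s for s in stubs if not covered(s, insecure)]
```

With the trust anchor commented out, as in the posted file, the function reports nothing; with it enabled it lists the two reverse stub zones, which are the ones without a domain-insecure line.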