Maintained by: NLnet Labs

[Unbound-users] DNSSEC and traffic encryption questions

Leen Besselink
Mon Feb 24 14:01:20 CET 2014


On Mon, Feb 24, 2014 at 02:52:29PM +0200, Beeblebrox wrote:
> Hi Wouter. Thanks for your explanation.
> 
> For the dnssec not-enabled problem, my unbound.conf has that file
> enabled. Other settings (edited to save space). Currently no
> forward-zoned defined
> port: 53 \ do-ip4: yes \ do-ip6: no \ do-udp: yes \ do-tcp: yes
> root-hints: "/var/unbound/root.hints"
> hide-identity: yes \ hide-version: yes
> harden-dnssec-stripped: yes \ harden-short-bufsize: yes \
> harden-large-queries: yes
> auto-trust-anchor-file: "/var/unbound/root.key" \ val-clean-additional: yes
> ------------------------
> drill com. SOA +dnssec
> ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 56264
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUESTION SECTION: \ ;; +dnssec. IN SOA
> ;; ANSWER SECTION:
> ;; AUTHORITY SECTION:  86400 IN SOA a.root-servers.net.
> nstld.verisign-grs.com. 2014022400 1800 900 604800 86400
> -----------------------
> 
> Also, if I set "include: /var/unbound/ad_servers" in unbound.conf is
> breaking the server start-up for some reason. The file has parsed list
> from yoyo-ad-servers, in the form:
> local-zone: "101com.com" redirect
> local-data: "101com.com A 127.0.0.1"    ...etc
> What's the correct syntax for "include"?
> 

I believe it needs quotes:

include: "/var/unbound/ad_servers"

> Regards.
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users