Maintained by: NLnet Labs

local stubs not served when internet down

Tor Perkins
Wed Jun 22 16:32:26 CEST 2016


On Tue, Jun 21, 2016 at 11:34:19PM +0200, A. Schulze via Unbound-users wrote:
> 
> 
> Am 21.06.2016 um 19:23 schrieb Daisuke HIGASHI via Unbound-users:
> >   I guess that your unbound resolver is set to do DNSSEC validation.

I do not think so.

My conf file has this sample snippet:

  # Uncomment to enable DNSSEC validation.
  #
  #auto-trust-anchor-file: "/var/unbound/db/root.key"

I've not uncommented the above.  Additionally, I've not run the
command to generate /var/unbound/db/root.key (it does not exist on my
system).

I have a pretty basic setup.  It's not exposed to internet traffic.
Full anonimized and condensed conf below.

- Tor

--------------------------------

server:
  interface: 127.0.0.1
  interface: 10.1.0.1
  interface: 10.2.0.1
  do-ip6: no

  max-udp-size: 1024

  access-control: 0.0.0.0/0 allow_snoop

  hide-identity: yes
  hide-version: yes
  use-caps-for-id: yes

  do-not-query-localhost: no
  rrset-roundrobin: yes
  minimal-responses: yes

  outgoing-port-avoid:3128
  outgoing-port-avoid:6881-6999

  local-zone: "10.in-addr.arpa." nodefault

remote-control:
  control-enable: yes
  control-use-cert: no
  control-interface: /var/run/unbound.sock

stub-zone:
  name: "10.in-addr.arpa."
  stub-addr: 127.0.0.1 at 54
stub-zone:
  name: "dom1.net."
  stub-addr: 127.0.0.1 at 54
stub-zone:
  name: "dom2.com."
  stub-addr: 127.0.0.1 at 54