Maintained by: NLnet Labs

prevent unbound from attempting to contact root servers?

A. Schulze
Thu Nov 17 16:32:02 CET 2016


Sonic via Unbound-users:

> On Wed, Nov 16, 2016 at 3:21 PM, James Ralston via Unbound-users
> <unbound-users at unbound.net> wrote:
>> module-config: "iterator"
>
> On the systems where I'm using just 'module-config: "iterator"' there
> is no root.hints or named.cache file and no attempt is made by unbound
> to contact the root servers.

I use to let module-config to whatever is unbound's default. I don't  
mention it in unbound.conf
On a stupid forwarder without DNSSEC validation I use something like this:

forward-zone:
   name: "."
   forward-addr: 192.0.53.53

server:
   local-zone: "10.in-addr.arpa." transparent
   ip-address: 127.0.0.1
   do-ip6: no
   chroot: /chroot/unbound
   do-daemonize: no
   logfile: ""
   pidfile: ""

remote-control:
   control-enable: yes
   control-interface: /run/unbound.control-interface
   control-use-cert: no

Andreas