[Unbound-users] SERVFAIL for an abbreviated TLD local zone

Jeroen Massar jeroen at massar.ch
Mon Dec 8 06:46:12 UTC 2014


On 2014-12-08 07:41, Jeroen Massar wrote:
> On 2014-12-07 20:52, martin f krafft wrote:
> [..]
>> I fI remove the auto-trust-anchor-file config directive, it works,
>> so it seems this is DNSSEC-related (none of my zones are signed
>> yet). Can someone enlighten me and help em understand what's going
>> on?
> 
> As the root does not know your custom zone, that custom zone is not
> properly signed and voila ;)
> 
> Maybe what you want to do is use the 'search domain' option to point it
> to the non-local edition; or .... disable dnssec (possibly selectively)

As per:

http://utcc.utoronto.ca/~cks/space/blog/linux/UnboundDNSforVPN

8<---------
# Don't try to do DNSSEC for these
domain-insecure: gern
---------->8

Should do the trick for you :)

Greets,
 Jeroen




More information about the Unbound-users mailing list