[Dnssec-trigger] Bug reports ?
wouter at NLnetLabs.nl
Fri Oct 21 14:51:04 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 10/21/2011 04:39 PM, Phil Regnauld wrote:
> W.C.A. Wijngaards (wouter) writes:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> Hi Phil,
>> On 10/21/2011 04:13 PM, Phil Regnauld wrote:
>>> I have a strange issue I'm trying to debug with dnssec-trigger + unbound 1.4.13
>>> on OS X Lion, and a broken network with TCP/53 only. Should I use this list
>>> to discuss this issue, or submit the problem somewhere else ?
>> Yes use this list.
>> TCP/53 only, it must try to use the tcp-80 and tcp-443 fallback servers?
>> Does that work? (you may be first to actually use it).
> Nope, didn't work. I'm seeing a strange combination of problems which
> led med to work around just to get DNS resolution working:
> - tcp-upstream: yes in unbound.conf
> - disable auto-trust-anchor (and validation)
> - turn off dnssec-trigger (that was 0.5, but I've just upgraded to 0.6
> following your announcement)
Ok, unbound's tcp-upstream works then :-)
> I'll try again with 0.6 a bit later, and will make sure it's not an
> issue with unbound first, then get back to the list.
Alright, thanks for that, remove the tcp-upstreamyes from the conf when
you try again (and add the trustanchoragain), otherwise dnssec-trigger
You can always try 'Hotspot signon' which puts you in insecure mode: the
servers from DHCP are used, and unbound is bypassed. Maybe that is
useful during debugging to get DHCP-connectivity again.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the dnssec-trigger