paul at xelerance.com
Sun Jun 27 15:52:28 UTC 2010
On Sun, 27 Jun 2010, Papp Tamás wrote:
> So I've juest tested it bit, and this option is the problem:
> dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"
It seems google's DNS does not understand DLV records:
dig +norecur -t dlv isc.org.dlv.isc.org @22.214.171.124
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63442
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;isc.org.dlv.isc.org. IN DLV
;; Query time: 44 msec
;; SERVER: 126.96.36.199#53(188.8.131.52)
;; WHEN: Sun Jun 27 11:48:35 2010
;; MSG SIZE rcvd: 37
So you cannot use google as forwarding while using DLV.
> BTW, what does stub-prime exactly do? I'm afraid, it's not clear to me, what
> does "it performs NS set priming" mean?
It is used when you want to "override" the real NS set and do the lookup of
a zone via nameservers that are not in the "official zone".
For example, to reach the Canadian testbed for DNSSEC, which runs a signed
shadow tree for the entire .ca zone, you would use:
Now instead of using the NS records in the root zone that point to ca. unbound
will use these two addresses instead.
More information about the Unbound-users