[Unbound-users] Problem resolving private domains
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Mon Oct 25 15:01:10 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Andreas,
On 10/25/2010 04:37 PM, lst_hoe02 at kwsoft.de wrote:
> Zitat von lst_hoe02 at kwsoft.de:
>> Sorry, forgot the first question. The "private-address:" is not set at
>> all, so Unbound should not stripe anything i guess?
>
> May it be related to the fact that the .cz TLD is DNSSEC signed and the
> .de not? Both subdomains don't use DNSSEC until now and have no trust
> chain but that's the only difference i came up with...
Yes if your own domain is not signed, then you must give:
domain-insecure: "domain2.cz"
So that unbound understands that there is no DS record published in .cz
for domain2.cz.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzFm7YACgkQkDLqNwOhpPhWVwCgroNO3VLii53LyoA9qKovoGnr
uIIAnifRUX2228xbx2b3WyUszCp1yeyj
=IPaq
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list