[Unbound-users] Problem resolving private domains
lst_hoe02 at kwsoft.de
Mon Oct 25 18:19:00 UTC 2010
Quoting "W.C.A. Wijngaards" <wouter at NLnetLabs.nl>:
> Hi Andreas,
>
> On 10/25/2010 04:37 PM, lst_hoe02 at kwsoft.de wrote:
>> Quoting lst_hoe02 at kwsoft.de:
>>> Sorry, forgot the first question. The "private-address:" is not set at
>>> all, so Unbound should not strip anything I guess?
>>
>> May it be related to the fact that the .cz TLD is DNSSEC signed and the
>> .de not? Both subdomains don't use DNSSEC until now and have no trust
>> chain but that's the only difference I came up with...
>
> Yes if your own domain is not signed, then you must give:
> domain-insecure: "domain2.cz"
>
> So that unbound understands that there is no DS record published in .cz
> for domain2.cz.
Okay, with "domain-insecure: domain2.cz" it works. But it strikes me
as odd why internal.domain2.cz is different from Unbound's point of
view than any other .cz domain? After all, Unbound does forward all
queries anyway to the upstream Bind. I guess it is best to list all
private domains also as insecure domains in case the TLDs will be
signed some day.
Many Thanks
Andreas
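
The practice reached in this message, listing every private domain under "domain-insecure:", can be checked mechanically. The following Python check is an added example, not part of the original message or of Unbound itself. It assumes private zones are the ones named by `private-domain:` or by a non-root `stub-zone`/`forward-zone` `name:`; the sample config and the names `intranet.example.de` and `192.0.2.x` are constructed.

```python
import re

# Constructed sample config: two private zones, only one marked insecure.
SAMPLE_CONF = '''
server:
    domain-insecure: "domain2.cz"
    private-domain: "internal.domain2.cz"
    private-domain: "intranet.example.de"
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
stub-zone:
    name: "intranet.example.de."
    stub-addr: 192.0.2.54
'''

def norm(name):
    """Lower-case a domain name and drop quotes and the trailing dot."""
    return name.strip().strip('"\'').rstrip(".").lower()

def parse(conf):
    """Return (private zone names, domain-insecure names) from unbound.conf text."""
    private, insecure, clause = set(), set(), None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([a-z-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if not value:                                # clause header, e.g. "server:"
            clause = key
        elif key == "domain-insecure":
            insecure.add(norm(value))
        elif key == "private-domain" or (key == "name" and clause in ("stub-zone", "forward-zone")):
            if norm(value):                          # skip the root zone "."
                private.add(norm(value))
    return private, insecure

def uncovered(conf):
    """Private zones with no domain-insecure entry at or above them."""
    private, insecure = parse(conf)
    def covered(zone):
        labels = zone.split(".")
        return any(".".join(labels[i:]) in insecure for i in range(len(labels)))
    return sorted(z for z in private if not covered(z))

if __name__ == "__main__":
    for zone in uncovered(SAMPLE_CONF):
        print(f'missing  domain-insecure: "{zone}"')
```

A parent entry counts as covering its subdomains, matching the thread, where `domain-insecure: "domain2.cz"` fixed resolution of `internal.domain2.cz`.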