[Unbound-users] Setting Unbound as validating resolver for stub zones
Sebastian Castro
sebastian at nzrs.net.nz
Wed Feb 23 10:06:23 UTC 2011
On 02/23/2011 08:02 PM, W.C.A. Wijngaards wrote:
> Hi Sebastian,
Hi Wouter,
Your indications helped and now works, thanks. Just a quick note below.
>> stub-zone:
>> name: "parent"
>> stub-addr: A.B.C.D at 53
>> stub-prime: no
>
> Here needs to be another stub-zone: line to start another stub-zone.
>
Shouldn't unbound check for the correct syntax of the configuration
file? In this case is correct, but ambiguous.
>> name: "child1.parent"
>> stub-addr: A.B.C.D at 53
>> stub-prime: no
>
>> A.B.C.D is serving a signed zone for parent and child1.parent with valid
>> data (sig chasing with dig or drill works).
>
>> If I try querying Unbound for <SOA, parent>, I get an answer but no AD bit.
>
> You have to use +dnssec to get the AD bit on the reply. If the
> signature failed you would not get a reply, so I think it validated.
>
What a newbie! How I missed that... thanks!
>
> Best regards,
> Wouter
Cheers,
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the Unbound-users
mailing list