[Unbound-users] private-address behaviour
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Thu Jan 27 12:26:16 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Jakub,
On 01/27/2011 11:57 AM, Jakub Heichman wrote:
> Greetings,
>
> After configuring private-address (and private-domain) entries I was
> hoping that unbound would simply strip the private IP addresses from
> responses.
> However in my testing (unbound 1.4.8 and previous versions) I'm seeing
> that the queries will SERVFAIL, also for domains whose NS records point
> to a name that resolves to a private address, for example:
Yes this is caused by line 648 of iterator/iter_scrub.c. This is
extra-paranoid, since it can also just strip off the offending record.
> I'm wondering if this is expected behaviour? Should I be seeing SERVFAIL
> (note long query time) or NOERROR/NODATA with private data stripped?
If you comment out that line you get the behaviour with NOERROR/NODATA
with private data stripped.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1BZGgACgkQkDLqNwOhpPiGLwCeJ4Cv3je+RXR3Ordsmsanq6zw
jDMAnRwlwzcBC6zvdebb5+PgN0TEHNzm
=DSZd
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list