[Unbound-users] "Tunnel" dnssec through local forward-zone?
Paul Wouters
paul at xelerance.com
Mon Jul 25 20:05:26 UTC 2011
On Mon, 25 Jul 2011, Paul Wouters wrote:
>> Now I'm trying to get dnssec working but I've run in to some problems.
>
> Why are you doing this? unbound can do queries using just tcp per default, so
> you do not need to use ttdnsd. I assume you're trying to proxy dns to an
> anonymiser network like tor?
>
> Try this unbound patch, and set unbound to use tcp only in unbound.conf using
> do-udp:no and do-tcp:yes.
That should be do-udp:yes. The patch disabled the activation of udp for outgoing
queries but the do-udp:yes allows udp for incoming (localhost) queries.
Paul
> I've sent this to the tor people before, but they haven't gotten back to me
> with test results. If we have positive results, we might be able to convince
> Wouter to make the below patch a runtime option.
>
> Index: daemon/worker.c
> ===================================================================
> - --- daemon/worker.c (revision 2279)
> +++ daemon/worker.c (working copy)
> @@ -1090,7 +1090,7 @@
> worker->daemon->env->infra_cache, worker->rndstate,
> cfg->use_caps_bits_for_id, worker->ports, worker->numports,
> cfg->unwanted_threshold, &worker_alloc_cleanup, worker,
> - - cfg->do_udp);
> + 0);
> if(!worker->back) {
> log_err("could not create outgoing sockets");
> worker_delete(worker);
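
Review bot: the literal 0 that replaces cfg->do_udp as the last argument of this call turns outgoing UDP off for every build of the patched daemon, whatever unbound.conf says, and the call site gives no hint why. Pass a dedicated config field instead (a hypothetical name such as cfg->do_udp_outgoing, defaulting to cfg->do_udp) so that TCP-only upstream is opt-in at runtime, and add a short comment at the argument. Nothing in the hunk checks that TCP is enabled when UDP is forced off; the only visible signal would be the existing "could not create outgoing sockets" error, so a check when the configuration is read would be clearer.
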
>
>
> Paul
>