[Unbound-users] DNSSEC problems
Leen Besselink
leen at consolejunkie.net
Mon Jun 11 07:23:51 UTC 2012
On Sun, Jun 10, 2012 at 04:04:18PM -0700, David Benfell wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Leen,
>
> On 06/10/12 14:07, Leen Besselink wrote:
> > dig +norec +dnssec @193.0.14.129 . NS
>
> It's not a Mac. It's a Linode running Arch Linux. Here is what I get
> from the above:
Sorry for confusing your discussion with the other.
That output looks fine to me.
Linode ? My Linode got 2 nameservers assigned which support validated DNSSEC just fine.
So maybe you don't even need Unbound ? Unless you distrust the network of course.
Anyway, I think Jan-Piet Mens is on the right track. Please remove the forward-zone for '.'
as a test. My guess is, it would start working.
It is always easier to test small parts first.
What is on the other side of dnscrypt ? OpenDNS ?
Well, OpenDNS does not support DNSSEC.
More information about the Unbound-users
mailing list