[Unbound-users] DNSSEC problems

Leen Besselink leen at consolejunkie.net
Mon Jun 11 07:23:51 UTC 2012

On Sun, Jun 10, 2012 at 04:04:18PM -0700, David Benfell wrote:
> Hash: SHA1
> Hi Leen,
> On 06/10/12 14:07, Leen Besselink wrote:
> > dig +norec +dnssec @ . NS
> It's not a Mac. It's a Linode running Arch Linux. Here is what I get
> from the above:

Sorry for confusing your discussion with the other.

That output looks fine to me.

Linode ? My Linode got 2 nameservers assigned which support validated DNSSEC just fine.

So maybe you don't even need Unbound ? Unless you distrust the network of course.

Anyway, I think Jan-Piet Mens is on the right track. Please remove the forward-zone for '.'
as a test. My guess is, it would start working.

It is always easier to test small parts first.

What is on the other side of dnscrypt ? OpenDNS ?

Well, OpenDNS does not support DNSSEC.

More information about the Unbound-users mailing list