[Unbound-users] DNSSEC problems
Leen Besselink
leen at consolejunkie.net
Mon Jun 11 20:30:45 UTC 2012
> We actually got an update. And I am no longer seeing the error
> messages I previously reported. However, sanity check results are mixed:
>
> ;test.dnssec-or-not.net. IN TXT
If you clear the cache of unbound and do:
dig +dnssec test.dnssec-or-not.net TXT
Then it might work.
> It looks like test.dnssec-or-not.net isn't working at all. And lynx on
> http://dnssectest.sidn.nl/ reports that no form action is defined.
> Trying http://dnssectest.sidn.nl/ from my home system (which should be
> using the unbound) simply states that this test is taking unusually
> long and never domes back with anything else.
> >
It wouldn't work in Lynx because it depends on JavaScript I think.
I guess you have nothing cached, maybe that is why it takes that long ?
It might have caches the error ?
> > It is always easier to test small parts first.
> >
> > What is on the other side of dnscrypt ? OpenDNS ?
>
> Oh, my. :facepalm
>
> I think my intent was to connect to OpenDNS. But at the moment, I'm
> failing to find where I've configured this. All I see at the moment is,
>
> atlanta# cat /etc/conf.d/dnscrypt-proxy
> DNSCRYPT_LOCALIP=127.0.0.1
> DNSCRYPT_LOCALPORT=53
> DNSCRYPT_USER=nobody
>
> > Well, OpenDNS does not support DNSSEC.
>
> I'll have to look into this separately.
>
I think you can forward . to the Linode DNS-servers (check out the Remote Access tab of your Linode), they seem to support DNSSEC.
> Thanks!
No problem.
> - --
> David Benfell
More information about the Unbound-users
mailing list