[Unbound-users] DNSSEC problems

Leen Besselink leen at consolejunkie.net
Mon Jun 11 20:30:45 UTC 2012


> We actually got an update. And I am no longer seeing the error
> messages I previously reported. However, sanity check results are mixed:
> 
> ;test.dnssec-or-not.net.		IN	TXT

If you clear the cache of unbound and do:

dig +dnssec test.dnssec-or-not.net TXT

Then it might work.

> It looks like test.dnssec-or-not.net isn't working at all. And lynx on
> http://dnssectest.sidn.nl/ reports that no form action is defined.
> Trying http://dnssectest.sidn.nl/ from my home system (which should be
> using the unbound) simply states that this test is taking unusually
> long and never domes back with anything else.
> > 

It wouldn't work in Lynx because it depends on JavaScript I think.

I guess you have nothing cached, maybe that is why it takes that long ?

It might have caches the error ?

> > It is always easier to test small parts first.
> > 
> > What is on the other side of dnscrypt ? OpenDNS ?
> 
> Oh, my. :facepalm
> 
> I think my intent was to connect to OpenDNS. But at the moment, I'm
> failing to find where I've configured this. All I see at the moment is,
> 
> atlanta# cat /etc/conf.d/dnscrypt-proxy
> DNSCRYPT_LOCALIP=127.0.0.1
> DNSCRYPT_LOCALPORT=53
> DNSCRYPT_USER=nobody
> 
> > Well, OpenDNS does not support DNSSEC.
> 
> I'll have to look into this separately.
> 

I think you can forward . to the Linode DNS-servers (check out the Remote Access tab of your Linode), they seem to support DNSSEC.

> Thanks!

No problem.

> - -- 
> David Benfell



More information about the Unbound-users mailing list