[Unbound-users] SERVFAIL for an abbreviated TLD local zone
Jeroen Massar
jeroen at massar.ch
Mon Dec 8 06:46:12 UTC 2014
On 2014-12-08 07:41, Jeroen Massar wrote:
> On 2014-12-07 20:52, martin f krafft wrote:
> [..]
>> I fI remove the auto-trust-anchor-file config directive, it works,
>> so it seems this is DNSSEC-related (none of my zones are signed
>> yet). Can someone enlighten me and help em understand what's going
>> on?
>
> As the root does not know your custom zone, that custom zone is not
> properly signed and voila ;)
>
> Maybe what you want to do is use the 'search domain' option to point it
> to the non-local edition; or .... disable dnssec (possibly selectively)
As per:
http://utcc.utoronto.ca/~cks/space/blog/linux/UnboundDNSforVPN
8<---------
# Don't try to do DNSSEC for these
domain-insecure: gern
---------->8
Should do the trick for you :)
Greets,
Jeroen
More information about the Unbound-users
mailing list