[Unbound-users] SERVFAIL for an abbreviated TLD local zone

Jeroen Massar jeroen at massar.ch
Mon Dec 8 06:46:12 UTC 2014

On 2014-12-08 07:41, Jeroen Massar wrote:
> On 2014-12-07 20:52, martin f krafft wrote:
> [..]
>> I fI remove the auto-trust-anchor-file config directive, it works,
>> so it seems this is DNSSEC-related (none of my zones are signed
>> yet). Can someone enlighten me and help em understand what's going
>> on?
> As the root does not know your custom zone, that custom zone is not
> properly signed and voila ;)
> Maybe what you want to do is use the 'search domain' option to point it
> to the non-local edition; or .... disable dnssec (possibly selectively)

As per:


# Don't try to do DNSSEC for these
domain-insecure: gern

Should do the trick for you :)


More information about the Unbound-users mailing list