[Unbound-users] Not sure if and why DNSSEC not working
Beeblebrox
zaphod at berentweb.com
Tue Jun 24 09:11:41 UTC 2014
I'm stuck on how to debug this.
Are there any other tests I can run so as to find what's happening on
my end?
My unbound.conf is below and may have some "UNusual settings" with
regards to 127.0.0.1. That's because normally dnscrypt-proxy is
running inside the same FreeBSD jail (VM) and unbound should forward
queries to it as a forward zone.
unbound.conf:
server:
verbosity: 3
chroot: ""
interface: 127.0.0.1
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
root-hints: "/var/unbound/root.hints"
auto-trust-anchor-file: "/var/unbound/root.key"
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-short-bufsize: yes
harden-large-queries: yes
unwanted-reply-threshold: 10000
val-clean-additional: yes
use-caps-for-id: yes
cache-min-ttl: 43200
cache-max-ttl: 172800
prefetch: yes
prefetch-key: yes
num-threads: 1
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
rrset-cache-size: 32m
msg-cache-size: 16m
private-address: 192.168.1.0/24
private-address: 192.168.2.0/24
# private-address: 127.0.1.0/28 - breaks dnscrypt-proxy
do-not-query-localhost: no
# Disabled_for_DNSSEC_debuging
# forward-zone:
# name: "."
# forward-addr: 192.168.2.xx at 9040 #_setting 127.0.0.1 at 9040 does not
work for some odd reason.
/EOF
--
FreeBSD_amd64_11-Current_RadeonKMS
More information about the Unbound-users
mailing list