[Unbound-users] Not sure if and why DNSSEC not working

Beeblebrox zaphod at berentweb.com
Tue Jun 24 09:11:41 UTC 2014

I'm stuck on how to debug this.
Are there any other tests I can run so as to find what's happening on
my end?

My unbound.conf is below and may have some "UNusual settings" with
regards to That's because normally dnscrypt-proxy is
running inside the same FreeBSD jail (VM) and unbound should forward
queries to it as a forward zone.

  verbosity: 3
  chroot: ""

    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes

    root-hints: "/var/unbound/root.hints"
    auto-trust-anchor-file: "/var/unbound/root.key"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-short-bufsize: yes
    harden-large-queries: yes
    unwanted-reply-threshold: 10000
    val-clean-additional: yes
    use-caps-for-id: yes
    cache-min-ttl: 43200
    cache-max-ttl: 172800
    prefetch: yes
    prefetch-key: yes

    num-threads: 1
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
    rrset-cache-size: 32m
    msg-cache-size: 16m


#   private-address:  - breaks dnscrypt-proxy
    do-not-query-localhost: no

#   Disabled_for_DNSSEC_debuging
#   forward-zone:
#   name: "."
#   forward-addr: 192.168.2.xx at 9040 #_setting at 9040 does not
work for some odd reason.

More information about the Unbound-users mailing list