wildcard dnssec test fails
Sebastian Schmidt
publicarray at posteo.net
Thu Dec 14 09:19:16 UTC 2017
Hi Paul,
> Is your unbound configured to use another DNS as forwarder?
Yes, to NSD for the OpenNIC TLDs, which to my understanding should not affect this query.
Here is the config file:
# This file is managed by Ansible.
#
# template: /Users/seb/git/dns-resolver/required-roles/publicarray.unbound/templates/unbound.conf
# date: 2017-12-04 23:59:52
#
# Control channel used by unbound-control. It is enabled but bound to the
# loopback address, so only processes on this host can connect to it.
# NOTE(review): no control-key-file / control-cert-file settings are shown
# here, so the defaults apply -- confirm the key material is readable only by
# the operator account.
remote-control:
control-enable: yes
control-interface: 127.0.0.1
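# Main resolver clause: a validating, caching resolver that serves plain DNS
# on loopback port 56 and DNS-over-TLS on port 853 on all addresses.
# The two "interface: ...@853" lines had been rewritten to "... at 853" by the
# list archive's address obfuscation; the "@" is restored below because
# unbound's syntax for an address with a port is ip@port.
server:
num-threads: 1
msg-cache-slabs: 1
rrset-cache-slabs: 1
key-cache-slabs: 1
infra-cache-slabs: 1
msg-cache-size: 72m
rrset-cache-size: 144m
key-cache-size: 72m
# neg-cache-size is set a second time further down (25m).
# NOTE(review): presumably the later value is the one in effect -- confirm and
# drop one of the two in the Ansible template.
neg-cache-size: 36m
# domain-insecure turns DNSSEC validation off for each listed name and
# everything below it. Every stub-zone name in this file appears here (plus
# "glue"), so answers for those zones are accepted without validation. Names
# outside this list are still validated against the root trust anchor.
domain-insecure: "dns.opennic.glue"
domain-insecure: "bbs"
domain-insecure: "bit"
domain-insecure: "chan"
domain-insecure: "cyb"
domain-insecure: "dyn"
domain-insecure: "free"
domain-insecure: "fur"
domain-insecure: "geek"
domain-insecure: "gopher"
domain-insecure: "indy"
domain-insecure: "libre"
domain-insecure: "neo"
domain-insecure: "null"
domain-insecure: "o"
domain-insecure: "opennic.glue"
domain-insecure: "oss"
domain-insecure: "oz"
domain-insecure: "parody"
domain-insecure: "pirate"
domain-insecure: "glue"
domain-insecure: "baza"
domain-insecure: "coin"
domain-insecure: "emc"
domain-insecure: "lib"
domain-insecure: "ku"
domain-insecure: "te"
domain-insecure: "ti"
domain-insecure: "uu"
num-queries-per-thread: 2048
# "static" zones are answered from local data only; none is defined in this
# clause, so queries for these names get a negative answer from the resolver
# itself and are never sent upstream.
local-zone: example. static
local-zone: local. static
local-zone: i2p. static
local-zone: home. static
local-zone: zghjccbob3n0. static
local-zone: dhcp. static
local-zone: lan. static
local-zone: localdomain. static
local-zone: ip. static
local-zone: internal. static
local-zone: openstacklocal. static
local-zone: dlink. static
local-zone: gw==. static
local-zone: gateway. static
local-zone: corp. static
local-zone: workgroup. static
local-zone: belkin. static
local-zone: davolink. static
local-zone: z. static
local-zone: domain. static
local-zone: virtualmin. static
# "refuse" answers queries for this name with rcode REFUSED.
local-zone: 2.dnscrypt-cert.dns refuse
outgoing-range: 4096
statistics-cumulative: no
# Root trust anchor, kept up to date by unbound (RFC 5011 tracking). This is
# what enables DNSSEC validation for everything not marked domain-insecure.
auto-trust-anchor-file: root.key
# private-address removes these ranges from answers for public names, which
# is the resolver-side defence against DNS rebinding. Loopback (127.0.0.0/8)
# is not in the list.
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
# Per-zone query rate limit; ip-ratelimit below is the per-client limit.
ratelimit: 200
# Certificate presented on the TLS service port (see ssl-port).
ssl-service-pem: /usr/local/etc/unbound/certificate.pem
minimal-responses: yes
log-time-ascii: yes
# Must be "no" here: the stub-zone clauses send queries to 127.0.0.1 port 57.
do-not-query-localhost: no
# hide-identity / hide-version / hide-trustanchor refuse the id.server,
# version.bind and trustanchor.unbound information queries.
hide-identity: yes
incoming-num-tcp: 200
infra-host-ttl: 3600
# TLS private key. It lives in the same directory as the rest of the
# configuration; file permissions should limit it to the unbound user.
ssl-service-key: /usr/local/etc/unbound/private.key
# The daemon chroots to its configuration directory and drops to the
# "unbound" user (see username below).
chroot: /usr/local/etc/unbound
qname-minimisation: yes
statistics-interval: 0
# Default port for interface lines that carry no @port: the loopback
# listeners below therefore serve plain DNS on port 56.
port: 56
# Logs one line per failed validation, independent of the verbosity setting;
# this is the place to look when a DNSSEC test fails.
val-log-level: 1
# With use-syslog enabled, log output goes to syslog and the logfile setting
# further down is overridden.
use-syslog: yes
# TCP connections on this port are handled as DNS-over-TLS.
ssl-port: 853
hide-trustanchor: yes
infra-cache-numhosts: 50000
pidfile: unbound.pid
ip-ratelimit: 100
username: unbound
# Never send queries to these RFC 1918 ranges.
do-not-query-address: 10.0.0.0/8
do-not-query-address: 172.16.0.0/12
do-not-query-address: 192.168.0.0/16
serve-expired: yes
# Any client address is allowed to query. Together with the wildcard
# listeners on port 853 this makes the TLS service a public resolver; the
# rate limits above are the only abuse control visible in this file.
access-control: 0.0.0.0/0 allow
access-control: ::/0 allow
hide-version: yes
# After this many unsolicited replies unbound logs a warning and clears its
# message and rrset caches as a defence against poisoning attempts.
unwanted-reply-threshold: 10000000
udp-upstream-without-downstream: yes
root-hints: root.hints
# Plain DNS on loopback only (port 56, from "port:" above).
interface: 127.0.0.1
interface: ::1
# TLS service on every IPv4 and IPv6 address.
# NOTE(review): do-udp is not set in this file -- confirm whether UDP on port
# 853 is also answered, since that traffic would not be TLS-protected.
interface: 0.0.0.0@853
interface: ::0@853
logfile: unbound.log
prefetch-key: yes
cache-max-ttl: 86400
verbosity: 0
# Second neg-cache-size in this clause; the first one (36m) is near the top.
neg-cache-size: 25m
cache-min-ttl: 300
prefetch: yes
directory: /usr/local/etc/unbound
rrset-roundrobin: yes
extended-statistics: yes
jostle-timeout: 325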
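# Stub zones for the OpenNIC names. Each one sends its queries to the NSD
# instance on loopback port 57. The archive had rewritten "@57" as " at 57";
# the "@" is restored here because unbound expects ip@port.
# All of these names are also listed under domain-insecure in the server
# clause, so the answers NSD returns are not DNSSEC-validated.
stub-zone:
name: "dns.opennic.glue"
stub-addr: "127.0.0.1@57" # NSD authoritative slave DNS server
stub-zone:
name: "bbs"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "bit"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "chan"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "cyb"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "dyn"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "free"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "fur"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "geek"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "gopher"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "indy"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "libre"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "neo"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "null"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "o"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "opennic.glue"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "oss"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "oz"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "parody"
stub-addr: "127.0.0.1@57"
stub-zone:
name: "pirate"
stub-addr: "127.0.0.1@57"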
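# OpenNIC Peers:
# Unlike the zones above, these are served (partly or wholly) by name servers
# outside this host. No TLS option is set on these clauses and every name is
# listed under domain-insecure in the server clause, so the answers arrive
# over plain DNS and are accepted without DNSSEC validation.
# stub-host entries are host names that the resolver has to look up itself
# before it can query them.
stub-zone:
name: "baza"
stub-host: "seed1.emercoin.com"
stub-host: "seed2.emercoin.com"
stub-zone:
name: "coin"
stub-host: "seed1.emercoin.com"
stub-host: "seed2.emercoin.com"
stub-zone:
name: "emc"
stub-host: "seed1.emercoin.com"
stub-host: "seed2.emercoin.com"
stub-zone:
name: "lib"
stub-host: "seed1.emercoin.com"
stub-host: "seed2.emercoin.com"
# The remaining zones list the local NSD instance first and two external
# addresses as well. "@57" is restored from the archive's " at 57" (unbound
# expects ip@port).
stub-zone:
name: "ku"
stub-addr: "127.0.0.1@57"
stub-addr: "5.45.96.220" # ns1.new-nations.ku
stub-addr: "185.82.22.133" # ns2.new-nations.ku
stub-zone:
name: "te"
stub-addr: "127.0.0.1@57"
stub-addr: "5.45.96.220" # ns1.new-nations.te
stub-addr: "185.82.22.133" # ns2.new-nations.te
stub-zone:
name: "ti"
stub-addr: "127.0.0.1@57"
stub-addr: "5.45.96.220" # ns1.new-nations.ti
stub-addr: "185.82.22.133" # ns2.new-nations.ti
stub-zone:
name: "uu"
stub-addr: "127.0.0.1@57"
stub-addr: "5.45.96.220" # ns1.new-nations.uu
stub-addr: "185.82.22.133" # ns2.new-nations.uu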
Regards
Sebastian