Problem with rfc7706 config

Wouter Wijngaards wouter at nlnetlabs.nl
Mon Apr 8 12:54:13 UTC 2019


Hi Tuomo,

On 4/8/19 2:25 PM, Tuomo Soini via Unbound-users wrote:
> On Mon, 8 Apr 2019 14:14:26 +0300
> Tuomo Soini via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> 
>> I have a system which has IPv4 connectivity only.
>>
>> # This is rfc7706 config
>> # https://www.dns.icann.org/services/axfr/
>> auth-zone:
>>         name: "."
>>         for-downstream: no
>>         for-upstream: yes
>>         fallback-enabled: yes
>>         zonefile: /var/lib/unbound/root.zone
>>         master: lax.xfr.dns.icann.org.
>>         master: iad.xfr.dns.icann.org.
>>
>> Problem is there will not be zonexfer of zone. My guess is unbound
>> only tries ipv6 addresses of masters. When dns name is used,
>> I'd expect unbound to use both IPv4 and IPv6 addresses for axfr when
>> server name has both addresses.
>>
> 
> Config works just fine on systems with IPv6 connectivity. In fact I
> guess unbound shouldn't even try to use ipv6 for zonexfer when host
> doesn't have global ipv6 address.
> 

Can you update from svn trunk, and use the debugging (verbosity 4)
output in there to get more details about what is happening?

Debug output is added so that the probe, but also SOA timeout and so on
is visible, and if I try that I can see it move from ip6 to ip4.

Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190408/00dbf9b6/attachment.bin>


More information about the Unbound-users mailing list