Fwd: Unbound 1.9.1rc1 pre-release
A. Schulze
sca at andreasschulze.de
Thu Mar 7 15:40:07 UTC 2019
intended to be sent to this list ...
-------- Forwarded Message --------
Subject: Re: Unbound 1.9.1rc1 pre-release
Date: Thu, 7 Mar 2019 16:05:45 +0100
From: A. Schulze <sca at andreasschulze.de>
To: Wouter Wijngaards <wouter at nlnetlabs.nl>
On 05.03.19 at 10:37, Wouter Wijngaards via Unbound-users wrote:
> Unbound 1.9.1rc1 pre-release is available:
Hello Wouter,
compiled and works on my usual lab servers.
BUT - I'm currently behind a broken WLAN that implements a captive portal by DNS rewrites.
And here I can't use unbound (neither 1.9.0 nor this rc) at all. I switched to stubby ...
server:
    aggressive-nsec: yes
    chroot: "/var/lib/unbound"
    do-daemonize: no
    extended-statistics: yes
    logfile: ""
    log-replies: yes
    log-servfail: yes
    log-tag-queryreply: yes
    harden-referral-path: yes
    harden-glue: yes
    outgoing-tcp-mss: 1220
    pidfile: ""
    rrset-roundrobin: yes
    tcp-mss: 1220
    statistics-interval: 3600
    statistics-cumulative: yes
    unwanted-reply-threshold: 10000
    use-caps-for-id: yes
    val-log-level: 2
    tls-session-ticket-keys: /dev/shm/current.key
    tls-session-ticket-keys: /dev/shm/previous.key
    auto-trust-anchor-file: trust/rfc5011.anchor
    module-config: "subnetcache validator iterator"
    interface: ::1
    interface: 127.0.0.1
    do-ip6: no
    interface: 127.0.0.1@853
    ssl-service-pem: /etc/ssl/chain.pem
    ssl-service-key: /etc/ssl/key.pem
    ssl-port: 853
    tls-cert-bundle: "etc/unbound/tls-cert-bundle.pem"
remote-control:
    control-enable: yes
    control-interface: /run/unbound.socket
    control-use-cert: no
dnstap:
    dnstap-enable: yes
    dnstap-socket-path: "/dnstap/unbound.socket"
    dnstap-log-resolver-response-messages: yes
    dnstap-log-client-query-messages: yes
    dnstap-log-resolver-query-messages: yes
    dnstap-log-resolver-response-messages: yes
    dnstap-log-forwarder-query-messages: yes
    dnstap-log-forwarder-response-messages: yes
starting unbound gives this log:
[1551970980] unbound[28427:0] notice: read tls-session-ticket-key: /dev/shm/current.key
[1551970980] unbound[28427:0] notice: read tls-session-ticket-key: /dev/shm/previous.key
[1551970980] unbound[28427:0] notice: init module 0: subnet
[1551970980] unbound[28427:0] notice: init module 1: validator
[1551970980] unbound[28427:0] notice: init module 2: iterator
[1551970980] unbound[28427:0] notice: attempting to connect to dnstap socket /dnstap/unbound.socket
[1551970980] unbound[28427:0] notice: dnstap Message/RESOLVER_QUERY enabled
[1551970980] unbound[28427:0] notice: dnstap Message/RESOLVER_RESPONSE enabled
[1551970980] unbound[28427:0] notice: dnstap Message/CLIENT_QUERY enabled
[1551970980] unbound[28427:0] notice: dnstap Message/FORWARDER_QUERY enabled
[1551970980] unbound[28427:0] notice: dnstap Message/FORWARDER_RESPONSE enabled
[1551970980] unbound[28427:0] info: start of service (unbound 1.9.1rc1).
and now one query:
[1551971036] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: generate keytag query _ta-4f66. NULL IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: generate keytag query _ta-4f66. NULL IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: generate keytag query _ta-4f66. NULL IN
[1551971037] unbound[28427:0] error: SERVFAIL <e.gtld-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: generate keytag query _ta-4f66. NULL IN
[1551971037] unbound[28427:0] error: SERVFAIL <h.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <e.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <m.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <k.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <f.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <g.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <i.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <c.gtld-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971037] unbound[28427:0] error: SERVFAIL <f.gtld-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <b.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <d.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: generate keytag query _ta-4f66. NULL IN
[1551971037] unbound[28427:0] error: SERVFAIL <i.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1551971037] unbound[28427:0] info: validation failure <. NS IN>: no signatures from 192.5.5.241 for trust anchor . while building chain of trust
[1551971037] unbound[28427:0] info: validation failure <. SOA IN>: no signatures from 192.5.5.241 for trust anchor . while building chain of trust
[1551971037] unbound[28427:0] reply: 127.0.0.1 . SOA IN SERVFAIL 0.658759 0 28
[1551971037] unbound[28427:0] error: SERVFAIL <h.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] error: SERVFAIL <a.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <j.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <l.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971037] unbound[28427:0] error: SERVFAIL <g.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] error: SERVFAIL <j.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] error: SERVFAIL <b.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] error: SERVFAIL <l.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] error: SERVFAIL <m.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] error: SERVFAIL <d.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971037] unbound[28427:0] error: SERVFAIL <a.gtld-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971037] unbound[28427:0] error: SERVFAIL <k.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <a.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <b.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <g.gtld-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971038] unbound[28427:0] error: SERVFAIL <l.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <f.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <h.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <k.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <j.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <m.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <c.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <i.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <d.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <c.gtld-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971038] unbound[28427:0] error: SERVFAIL <d.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <j.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <f.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <g.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <a.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <h.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <l.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971038] unbound[28427:0] error: SERVFAIL <k.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <m.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <b.gtld-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971039] unbound[28427:0] error: SERVFAIL <i.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <e.gtld-servers.net. A IN>: all servers for this domain failed, at zone net.
[1551971039] unbound[28427:0] error: SERVFAIL <f.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <g.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <j.gtld-servers.net. A IN>: 0x20 failed, then got different replies in fallback
[1551971039] unbound[28427:0] error: SERVFAIL <a.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <h.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <l.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <k.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <m.gtld-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971039] unbound[28427:0] error: SERVFAIL <b.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <i.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <d.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <k.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971039] unbound[28427:0] error: SERVFAIL <i.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <f.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <j.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <g.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <b.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <l.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <h.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <m.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <a.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <l.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <k.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback
[1551971040] unbound[28427:0] error: SERVFAIL <c.gtld-servers.net. A IN>: exceeded the maximum number of glue fetches
[1551971040] unbound[28427:0] error: SERVFAIL <c.root-servers.net. A IN>: could not fetch nameserver at zone net.
[1551971040] unbound[28427:0] error: SERVFAIL <net. NS IN>: exceeded the maximum number of glue fetches
Any advice to pimp my configuration?
Andreas
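
Added example (not part of the original message and not Unbound project code): a small Python triage of the log format shown above, counting the two signals that dominate it, trust-anchor priming failures and 0x20 (use-caps-for-id) fallback failures, which together fit a network that rewrites DNS answers. The function names and the min_hits threshold are assumptions; the SAMPLE lines are copied from the log above and the HEALTHY lines are constructed.

```python
import re
from collections import Counter

# Log format as it appears above: [epoch] unbound[pid:thread] level: text
LINE = re.compile(r"^\[\d+\] unbound\[\d+:\d+\] (\w+): (.*)$")
SERVFAIL = re.compile(r"^SERVFAIL <[^>]+>: (.*)$")

def summarize(lines):
    """Count DNSSEC and 0x20 failure signals in Unbound log lines."""
    stats = Counter()
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            stats["unparsed"] += 1
            continue
        level, text = m.groups()
        if level == "info" and text.startswith("failed to prime trust anchor"):
            stats["trust_anchor_prime_failed"] += 1
        elif level == "info" and text.startswith("validation failure"):
            stats["validation_failure"] += 1
        elif level == "error":
            s = SERVFAIL.match(text)
            if s:
                # Both 0x20 messages in the log above contain the literal "0x20".
                key = "caps_for_id_failed" if "0x20" in s.group(1) else "servfail_other"
                stats[key] += 1
    return stats

def looks_intercepted(stats, min_hits=2):
    """Assumed heuristic: both signals repeat at least min_hits times."""
    return (stats["trust_anchor_prime_failed"] >= min_hits
            and stats["caps_for_id_failed"] >= min_hits)

SAMPLE = [  # copied from the log in the message above
    "[1551971036] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN",
    "[1551971037] unbound[28427:0] info: generate keytag query _ta-4f66. NULL IN",
    "[1551971037] unbound[28427:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN",
    "[1551971037] unbound[28427:0] error: SERVFAIL <e.gtld-servers.net. A IN>: could not fetch nameserver at zone net.",
    "[1551971037] unbound[28427:0] error: SERVFAIL <h.root-servers.net. A IN>: 0x20 failed, then got different replies in fallback",
    "[1551971037] unbound[28427:0] error: SERVFAIL <i.gtld-servers.net. A IN>: could not fetch nameservers for 0x20 fallback",
    "[1551971037] unbound[28427:0] info: validation failure <. NS IN>: no signatures from 192.5.5.241 for trust anchor . while building chain of trust",
    "[1551971037] unbound[28427:0] reply: 127.0.0.1 . SOA IN SERVFAIL 0.658759 0 28",
]
HEALTHY = [  # constructed for contrast
    "[1551970980] unbound[28427:0] info: start of service (unbound 1.9.1rc1).",
    "[1551970990] unbound[28427:0] reply: 127.0.0.1 example.org. A IN NOERROR 0.020000 0 45",
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)), looks_intercepted(summarize(SAMPLE)))
```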