Unbound 1.13.1rc1 pre-release
RayG
rgsub1 at btinternet.com
Tue Feb 23 15:14:41 UTC 2021
Hi George,
OK I have installed the updated file below and tried unbound, it starts OK but I still see the
23/02/2021 15:10:24 C:\Program Files\Unbound\unbound.exe[18376:0] warning: auth zone URLHaus.: ZONEMD verification failed: verify DNSKEY RRset with trust anchor failed
I have both of these lines in the configuration; is that correct?
====
Additionally, using:
domain-insecure: "URLHaus."
or
zonemd-permissive-mode: yes
in the configuration should also bypass the issue.
====
Without either of the above lines there is no warning message.
From what I can see RPZ is still not working.
What else can I supply you with?
RayG
-----Original Message-----
From: George Thessalonikefs <george at nlnetlabs.nl>
Sent: 22 February 2021 17:17
To: RayG <rgsub1 at btinternet.com>; unbound-users at lists.nlnetlabs.nl
Subject: Re: Unbound 1.13.1rc1 pre-release
Hi RayG,
The log did help.
You hit a bug for an upcoming feature that verifies a zone before loading.
You can find the fixed files at:
https://nlnetlabs.nl/~george/unbound_setup_1.13.2_20210222_A.exe
https://nlnetlabs.nl/~george/unbound-1.13.2_20210222_A.zip
Additionally, using:
domain-insecure: "URLHaus."
or
zonemd-permissive-mode: yes
in the configuration should also bypass the issue.
-- George
On 22/02/2021 16:43, RayG wrote:
> Hi George,
>
> Thanks for the update...
>
> I have installed that version and there is a warning in the log file after starting.
>
> Is there any other information you require?
>
> This is an entry in the URLHaus RPZ file which is not in my other list of excluded DNS names which does NOT return NXDOMAIN and the log file does not show any RPZ logging? It is still returning an IP address. So I deduce things are not working as expected.
>
> C:\>dig a9ashop.com
>
> ; <<>> DiG 9.16.12 <<>> a9ashop.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54145
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;a9ashop.com. IN A
>
> ;; ANSWER SECTION:
> a9ashop.com. 1799 IN A 162.241.124.73
>
> ;; Query time: 140 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Feb 22 15:23:10 GMT Standard Time 2021
> ;; MSG SIZE rcvd: 56
>
> C:\>
>
> There is also no zonefile created.
>
> rpz: # MyResponsePolicyZones.conf
> name: "URLHaus"
> zonefile: "C:\ProgramData\Unbound\Logs\urlhaus.zone"
> url: "https://urlhaus.abuse.ch/downloads/rpz/"
> rpz-log: yes
> rpz-log-name: "URLHausRPZ"
> rpz-action-override: nxdomain
>
> I hope the attached files help
>
> RayG
> -----Original Message-----
> From: George Thessalonikefs <george at nlnetlabs.nl>
> Sent: 22 February 2021 14:40
> To: RayG <rgsub1 at btinternet.com>; unbound-users at lists.nlnetlabs.nl
> Subject: Re: Unbound 1.13.1rc1 pre-release
>
> Hi RayG,
>
> We had a fix that may also solve the issue getting the rpz zonefile via url in windows (https://github.com/NLnetLabs/unbound/commit/bc4bdbabeab1388e41ce64714203b4fd3fab18be).
>
> I have prepared the following for you to try on windows:
> https://nlnetlabs.nl/~george/unbound_setup_1.13.2_20210222.exe
> https://nlnetlabs.nl/~george/unbound-1.13.2_20210222.zip
>
> Let me know how it goes,
> -- George
>
> On 03/02/2021 16:08, RayG wrote:
>> Hi George,
>>
>> OK, thanks - I was rather hoping the next update to v1.13.0 would have addressed the issue. Any ideas when?
>>
>> Thanks
>>
>> RayG
>>
>
>
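
The check done by hand in this thread (is the queried name listed in the RPZ zone, and did the resolver answer with the configured rpz-action-override?), as an added example that is not part of the original messages or of Unbound. The zone text is a constructed sample rather than the real URLHaus feed, the function names are hypothetical, and it assumes relative owner names with CNAME triggers.

```python
import re

# Constructed RPZ zone sample (assumption: relative owner names, CNAME triggers).
SAMPLE_ZONE = """\
$TTL 30
@ SOA rpz.example. hostmaster.example. 1 300 1800 604800 30
 NS localhost.
a9ashop.com CNAME . ; listed host (constructed entry)
*.bad.example CNAME . ; wildcard trigger (constructed entry)
"""

# dig output as quoted in the thread, reduced to the lines the check needs.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54145
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;a9ashop.com. IN A
;; ANSWER SECTION:
a9ashop.com. 1799 IN A 162.241.124.73
"""

def rpz_triggers(zone_text):
    """Return the QNAME triggers (owner names of CNAME records), lower-cased."""
    triggers = set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]          # drop zone-file comments
        if not line or line[0] in " \t$@":    # blank, inherited owner, directive, apex
            continue
        fields = line.split()
        if "CNAME" in fields[1:]:
            triggers.add(fields[0].rstrip(".").lower())
    return triggers

def is_listed(qname, triggers):
    """Exact match, or a wildcard trigger covering a proper subdomain."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels) in triggers or any(
        "*." + ".".join(labels[i:]) in triggers for i in range(1, len(labels)))

def dig_status(dig_text):
    """Return (question name, RCODE string) parsed from dig output."""
    status = re.search(r"status:\s*([A-Z]+)", dig_text)
    question = re.search(r"^;(\S+)\s+IN\s+", dig_text, re.M)
    return (question and question.group(1), status and status.group(1))

def check_override(zone_text, dig_text, override="NXDOMAIN"):
    """Compare the resolver's answer with the rpz-action-override setting."""
    qname, status = dig_status(dig_text)
    if not qname or not is_listed(qname, rpz_triggers(zone_text)):
        return "not-listed"
    return "policy-applied" if status == override else "policy-not-applied"

if __name__ == "__main__":
    print(check_override(SAMPLE_ZONE, SAMPLE_DIG))
```
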