Unbound 1.13.1rc1 pre-release
George Thessalonikefs
george at nlnetlabs.nl
Wed Feb 24 13:37:57 UTC 2021
Hi RayG,
This was another bug in relation to the upcoming feature and the config
options I suggested. Should be fixed now.
But let's not get distracted by the zonemd code.
I have prepared the following which is 1.13.1 with just the fix for http
read (no new functionality added):
https://nlnetlabs.nl/~george/unbound_setup_1.13.1_20210224.exe
https://nlnetlabs.nl/~george/unbound-1.13.1_20210224.zip
Please give it a try.
-- George
On 23/02/2021 16:14, RayG wrote:
> Hi George,
>
> OK I have installed the updated file below and tried unbound, it starts OK but I still see the
>
> 23/02/2021 15:10:24 C:\Program Files\Unbound\unbound.exe[18376:0] warning: auth zone URLHaus.: ZONEMD verification failed: verify DNSKEY RRset with trust anchor failed
>
> I have both of these lines in the configuration is that correct?
>
> ====
> Additionally, using:
> domain-insecure: "URLHaus."
> or
> zonemd-permissive-mode: yes
> in the configuration should also bypass the issue.
> ====
>
> Without either of the above lines there is no warning message.
>
> From what I can see RPZ is still not working.
>
> What else can I supply you with?
>
> RayG
>
> -----Original Message-----
> From: George Thessalonikefs <george at nlnetlabs.nl>
> Sent: 22 February 2021 17:17
> To: RayG <rgsub1 at btinternet.com>; unbound-users at lists.nlnetlabs.nl
> Subject: Re: Unbound 1.13.1rc1 pre-release
>
> Hi RayG,
>
> The log did help.
> You hit a bug for an upcoming feature that verifies a zone before loading.
>
> You can find the fixed files at:
> https://nlnetlabs.nl/~george/unbound_setup_1.13.2_20210222_A.exe
> https://nlnetlabs.nl/~george/unbound-1.13.2_20210222_A.zip
>
> Additionally, using:
> domain-insecure: "URLHaus."
> or
> zonemd-permissive-mode: yes
> in the configuration should also bypass the issue.
>
> -- George
>
>
> On 22/02/2021 16:43, RayG wrote:
>> Hi George,
>>
>> Thanks for the update...
>>
>> I have installed that version and there is a warning in the log file after starting.
>>
>> Is there any other information you require?
>>
>> This is an entry in the URLHaus RPZ file which is not in my other list of excluded DNS names which does NOT return NXDOMAIN and the log file does not show any RPZ logging? It is still returning an IP address. So I deduce things are not working as expected.
>>
>> C:\>dig a9ashop.com
>>
>> ; <<>> DiG 9.16.12 <<>> a9ashop.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54145 ;; flags: qr
>> rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 1232
>> ;; QUESTION SECTION:
>> ;a9ashop.com. IN A
>>
>> ;; ANSWER SECTION:
>> a9ashop.com. 1799 IN A 162.241.124.73
>>
>> ;; Query time: 140 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon Feb 22 15:23:10 GMT Standard Time 2021 ;; MSG SIZE rcvd:
>> 56 C:\>
>>
>> There is also no zonefile created.
>>
>> rpz: # MyResponsePolicyZones.conf
>> name: "URLHaus"
>> zonefile: "C:\ProgramData\Unbound\Logs\urlhaus.zone"
>> url: "https://urlhaus.abuse.ch/downloads/rpz/"
>> rpz-log: yes
>> rpz-log-name: "URLHausRPZ"
>> rpz-action-override: nxdomain
>>
>> I hope the attached files help
>>
>> RayG
>> -----Original Message-----
>> From: George Thessalonikefs <george at nlnetlabs.nl>
>> Sent: 22 February 2021 14:40
>> To: RayG <rgsub1 at btinternet.com>; unbound-users at lists.nlnetlabs.nl
>> Subject: Re: Unbound 1.13.1rc1 pre-release
>>
>> Hi RayG,
>>
>> We had a fix that may also solve the issue getting the rpz zonefile via url in windows (https://github.com/NLnetLabs/unbound/commit/bc4bdbabeab1388e41ce64714203b4fd3fab18be).
>>
>> I have prepared the following for you to try on windows:
>> https://nlnetlabs.nl/~george/unbound_setup_1.13.2_20210222.exe
>> https://nlnetlabs.nl/~george/unbound-1.13.2_20210222.zip
>>
>> Let me know how it goes,
>> -- George
>>
>> On 03/02/2021 16:08, RayG wrote:
>>> Hi George,
>>>
>>> Ok Thanks - I was rather hoping the next update to v1.13.0 would have addressed the issue. Any Ideas when?
>>>
>>> Thanks
>>>
>>> RayG
>>>
>>
>>
>
>
More information about the Unbound-users
mailing list