Unbound error with forward override and DNSSec
Laurent Dinclaux
laurent at knc.nc
Thu Jun 24 23:27:42 UTC 2021
Hello,
I use Unbound with OPNsense. I have secured a domain with DNSSec, its DNS
server being on the WAN. It has an office.domain.com subdomain (A record)
I also have a local DNS server where that subdomain is set, so it resolves
locally to local IPs. So I am adding a domain override in Unbound as such,
which is as such in the configuration:
private-domain: "office.domain.com"
domain-insecure: "office.domain.com"
forward-zone:
name: "office.domain.com"
forward-addr: 10.25.65.16
And I get this error in Unbound:
2021-06-23T20:57:39 unbound[60568] [60568:1] info: NSEC3s for the
referral proved no delegation
2021-06-23T20:57:39 unbound[60568] [60568:1] info: resolving
office.domain.nc. DS IN
2021-06-23T20:57:39 unbound[60568] [60568:1] info: query response was ANSWER
2021-06-23T20:57:39 unbound[60568] [60568:1] info: reply from
<office.domain.nc.> 10.25.65.16#53
2021-06-23T20:57:39 unbound[60568] [60568:1] info: response for
office.domain.nc. A IN
2021-06-23T20:57:39 unbound[60568] [60568:1] info: resolving
office.domain.nc. A IN
I understand that error. If I disable the DNSSec feature in unbound, it
works.
But I am wondering if there is anyway to work around that (without
disabling DNSSec checking), and have unbound give back the ANSWER returned
by that local DNS server ?
Regards
--
Laurent
laurent at knc.nc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20210625/9a1c0646/attachment.htm>
More information about the Unbound-users
mailing list