RPZ: is this config correct?
sca at andreasschulze.de
Sat May 1 10:46:16 UTC 2021
Am 30.04.21 um 10:56 schrieb George Thessalonikefs via Unbound-users:
> The windows issue does not establish the HTTPS handshake IIRC, so no further data flowing there.
ok, two different things ...
> - Does this also happen without HTTPS? You mentioned an nginx serving non-HTTPS content. Could you retry with auth_zone_transfer?
I copied https://urlhaus.abuse.ch/downloads/rpz/ to a local webserver reachable by http as well as https
with "url: https://andreasschulze.de/testing/" the transfer failed in the same manner as from https://urlhaus.abuse.ch/downloads/rpz/
with "url: http://andreasschulze.de/testing/" the transfer succeeded immediately.
> - Do you see that behavior also without docker?
yes, the behavior describded above is the same for unbound-1.13.1 inside docker-ce (the Debian Bullseye unbound binary/package)
as well as unbound-1.13.1 (selfcompiled, on Debian Buster) without the Docker Layer.
HTTP works, HTTPS don't.
Q: did you consider using libcurl for downloads?
optional; if unbound is build with libcurl, "url" options are available otherwise AXFR must be used
More information about the Unbound-users