RPZ: is this config correct?

A. Schulze sca at andreasschulze.de
Sat May 1 10:46:16 UTC 2021

Am 30.04.21 um 10:56 schrieb George Thessalonikefs via Unbound-users:
> The windows issue does not establish the HTTPS handshake IIRC, so no further data flowing there.
ok, two different things ...

> - Does this also happen without HTTPS? You mentioned an nginx serving non-HTTPS content. Could you retry with auth_zone_transfer?
I copied https://urlhaus.abuse.ch/downloads/rpz/ to a local webserver reachable by http as well as https
with "url: https://andreasschulze.de/testing/" the transfer failed in the same manner as from https://urlhaus.abuse.ch/downloads/rpz/
with "url: http://andreasschulze.de/testing/" the transfer succeeded immediately.

> - Do you see that behavior also without docker?
yes, the behavior describded above is the same for unbound-1.13.1 inside docker-ce (the Debian Bullseye unbound binary/package) 
as well as unbound-1.13.1 (selfcompiled, on Debian Buster) without the Docker Layer.

HTTP works, HTTPS don't.

Q: did you consider using libcurl for downloads?
   optional; if unbound is build with libcurl, "url" options are available otherwise AXFR must be used


More information about the Unbound-users mailing list