RPZ: is this config correct?

George Thessalonikefs george at nlnetlabs.nl
Tue May 4 10:06:35 UTC 2021


Hi Andreas,

Thanks for the detailed info!
Non-working HTTPS url on linux is news to me, I'll look into it.

Not sure if it will help but which version of openssl do you use? 
unbound -V should have that information.

For the libcurl question: I wasn't part of the development but I guess 
pulling that big of a library into unbound is not an easy task, 
especially when libcurl comes with so much functionality that unbound 
will never need.

Best regards,
-- George

On 01/05/2021 12:46, A. Schulze via Unbound-users wrote:
> 
> 
> Am 30.04.21 um 10:56 schrieb George Thessalonikefs via Unbound-users:
>> The windows issue does not establish the HTTPS handshake IIRC, so no further data flowing there.
> ok, two different things ...
> 
>> - Does this also happen without HTTPS? You mentioned an nginx serving non-HTTPS content. Could you retry with auth_zone_transfer?
> I copied https://urlhaus.abuse.ch/downloads/rpz/ to a local webserver reachable by http as well as https
> with "url: https://andreasschulze.de/testing/" the transfer failed in the same manner as from https://urlhaus.abuse.ch/downloads/rpz/
> with "url: http://andreasschulze.de/testing/" the transfer succeeded immediately.
> 
>> - Do you see that behavior also without docker?
> yes, the behavior describded above is the same for unbound-1.13.1 inside docker-ce (the Debian Bullseye unbound binary/package)
> as well as unbound-1.13.1 (selfcompiled, on Debian Buster) without the Docker Layer.
> 
> HTTP works, HTTPS don't.
> 
> Q: did you consider using libcurl for downloads?
>     optional; if unbound is build with libcurl, "url" options are available otherwise AXFR must be used
> 
> Andreas
> 




More information about the Unbound-users mailing list