RPZ: is this config correct?
george at nlnetlabs.nl
Tue May 4 10:06:35 UTC 2021
Thanks for the detailed info!
Non-working HTTPS url on linux is news to me, I'll look into it.
Not sure if it will help but which version of openssl do you use?
unbound -V should have that information.
For the libcurl question: I wasn't part of the development but I guess
pulling that big of a library into unbound is not an easy task,
especially when libcurl comes with so much functionality that unbound
will never need.
On 01/05/2021 12:46, A. Schulze via Unbound-users wrote:
> Am 30.04.21 um 10:56 schrieb George Thessalonikefs via Unbound-users:
>> The windows issue does not establish the HTTPS handshake IIRC, so no further data flowing there.
> ok, two different things ...
>> - Does this also happen without HTTPS? You mentioned an nginx serving non-HTTPS content. Could you retry with auth_zone_transfer?
> I copied https://urlhaus.abuse.ch/downloads/rpz/ to a local webserver reachable by http as well as https
> with "url: https://andreasschulze.de/testing/" the transfer failed in the same manner as from https://urlhaus.abuse.ch/downloads/rpz/
> with "url: http://andreasschulze.de/testing/" the transfer succeeded immediately.
>> - Do you see that behavior also without docker?
> yes, the behavior describded above is the same for unbound-1.13.1 inside docker-ce (the Debian Bullseye unbound binary/package)
> as well as unbound-1.13.1 (selfcompiled, on Debian Buster) without the Docker Layer.
> HTTP works, HTTPS don't.
> Q: did you consider using libcurl for downloads?
> optional; if unbound is build with libcurl, "url" options are available otherwise AXFR must be used
More information about the Unbound-users