validating nxdomain for subdomains of data-less labels in auth-zone
Michael Tokarev
mjt at tls.msk.ru
Fri Nov 11 14:09:01 UTC 2022
11.11.2022 16:54, George (Yorgos) Thessalonikefs wrote:
> Now I spot that this is auth-zone.
Yes it is auth-zone. It is set up this way because it is a remote office with
somewhat flaky connectivity and I thought about always having whole thing locally
instead of relying for the upstream during all the runtime.
> Which version of Unbound is that?
It is 1.16.3 currently. I thought about giving 1.17 a try, - upgraded to 1.17.0,
with exactly the same effect. (It is Debian package of Unbound, - I'm trying to
keep it current in Debian).
> I would first try with stub-zone instead and point to the NSD instance you mentioned.
The stub-zone works, it worked for many years (with not a best reliability, see
above). I just tested it again - switching from auth-zone to stub-zone with the
same stub-address works just fine.
It is only the auth-zone which dosn't work - I removed the temporary TXT record and
it started failing again.
Thanks!
/mjt
More information about the Unbound-users
mailing list