auth-zone primary: hostname@853#dns-over-tls.example.com
Peter Hessler
phessler at theapt.org
Fri Jan 12 17:51:35 UTC 2024
I'm using unbound 1.18.0 as included in OpenBSD 7.4 to provide recursive
DNS, and configured it with auth-zone to speed up lookups and changes.
It works just fine with this config:
auth-zone:
    name: "example.network"
    primary: ns.example.org
    allow-notify: 2001:db8::53 # raw IP of ns.example.org
    allow-notify: ns.example.org
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
Specifically, primary uses the hostname to look up the correct IPs to do
the AXFR from. However, when I try to switch it to use DNS-over-TLS for
AXFR, it fails:
auth-zone:
    name: "example.network"
    primary: ns.example.org@853#ns.example.org
    allow-notify: 2001:db8::53 # raw IP of ns.example.org
    allow-notify: ns.example.org
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
I get this message in syslog:
unbound: [76439:0] error: example.network.: failed lookup, cannot probe to master ns.example.org@853#ns.example.org
But when I change primary to
    primary: 2001:db8::53@853#ns.example.org
everything works fine.
Is this intentional?
--
If this fortune didn't exist, somebody would have invented it.
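As an added example (not from the post and not Unbound's own code), a small parser for the auth-zone primary: value syntax host[@port][#tls-auth-name], which also flags the combination the post reports failing on 1.18.0: a hostname rather than an IP literal together with a TLS auth name. The three sample values are the ones from the post; the function names are my own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class PrimarySpec:
    host: str
    port: int
    tls_auth_name: Optional[str]

    @property
    def host_is_literal(self) -> bool:
        """True if host is an IPv4/IPv6 literal rather than a hostname."""
        try:
            ipaddress.ip_address(self.host)
            return True
        except ValueError:
            return False

    @property
    def uses_tls(self) -> bool:
        return self.tls_auth_name is not None


def parse_primary(value: str) -> PrimarySpec:
    """Parse an unbound auth-zone 'primary:' value: host[@port][#tls-auth-name]."""
    value = value.strip()
    auth_name = None
    if "#" in value:  # the '#' part is last, so split it off before the port
        value, auth_name = value.split("#", 1)
        if not auth_name:
            raise ValueError("empty TLS auth name after '#'")
    port = 53
    if "@" in value:  # IPv6 literals contain ':' but never '@'
        value, port_text = value.rsplit("@", 1)
        if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
            raise ValueError(f"bad port {port_text!r}")
        port = int(port_text)
    if not value:
        raise ValueError("missing host")
    return PrimarySpec(host=value, port=port, tls_auth_name=auth_name)


def check_primary(value: str) -> list[str]:
    """Warn about a hostname combined with a TLS auth name (fails per the post)."""
    spec = parse_primary(value)
    if spec.uses_tls and not spec.host_is_literal:
        return [f"{spec.host!r} is a hostname with a TLS auth name; "
                "the post reports 'cannot probe to master' on 1.18.0 (IP literal worked)"]
    return []
```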