Re: fail: the anchor is NOT ok and could not be fixed

2020-10-27 Thread Gil Levy via Unbound-users
Thanks for the detailed explanation! Are you referring to this area: do_root_trust_anchor_update() { if $ROOT_TRUST_ANCHOR_UPDATE; then if [ -n "$ROOT_TRUST_ANCHOR_FILE" ]; then if [ -r "$DNS_ROOT_KEY_FILE" ]; then if [ ! -e "$ROOT_TRUST_ANCHOR_FILE" -o

local-data and local-data-ptr not accepted

2020-10-27 Thread Paulo Roberto Tomasi via Unbound-users
Hi, I'm trying to setup some local-data and local-data-ptr to convert private address (used in core routing) to some meaningful data in traceroutes through the MPLS backbone I've tried this: local-zone: "master.local." static local-data: "SW3-P-SJK-LIB-01.master.local. IN A 10.50.0.1"

Re: reply for reserved TLD's

2020-10-27 Thread Tony Finch via Unbound-users
Sonic via Unbound-users wrote: > > What is considered the best reply from a local cache to avoid traffic > to the root servers for domains that are reserved (for local use etc., > such as .home, .corp) or those you wish to block? It depends (TM). RFC 6761 explains how special-use domain names

Re: Number of additional records in queries

2020-10-27 Thread Tony Finch via Unbound-users
Petr Špaček via Unbound-users wrote: > > If any future protocol extension makes use of new RR type in additional > section and these are silently ignored then we have no way of detecting > if the new extension is supported or not. I don't think you can design a DNS protocol extension on the

reply for reserved TLD's

2020-10-27 Thread Sonic via Unbound-users
Hello, What is considered the best reply from a local cache to avoid traffic to the root servers for domains that are reserved (for local use etc., such as .home, .corp) or those you wish to block? Is always_nxdomain better than always_refuse? Is there an even better reply? Does one or the other

Re: fail: the anchor is NOT ok and could not be fixed

2020-10-27 Thread Bernardo Reino via Unbound-users
On 27/10/2020 09:38, Gil Levy via Unbound-users wrote: Anyone? Still couldn't fix this on boot. Appreciate your help. On Fri, 23 Oct 2020 at 13:51, Gil Levy > wrote: After a system reboot, I get the following message when I run #> sudo systemctl status

Re: fail: the anchor is NOT ok and could not be fixed

2020-10-27 Thread Gil Levy via Unbound-users
Anyone? Still couldn't fix this on boot. Appreciate your help. On Fri, 23 Oct 2020 at 13:51, Gil Levy wrote: > After a system reboot, I get the following message when I run > #> sudo systemctl status unbound > > Oct 23 13:31:38 raspberrypi systemd[1]: Starting Unbound DNS server... > Oct 23

Re: Is cert-bundle loaded and kept before chroot?

2020-10-27 Thread Wouter Wijngaards via Unbound-users
Hi Eric, On 27/10/2020 03:06, Eric Luehrsen via Unbound-users wrote: > Just for clarity, I want to ask if Unbound loads the cert-bundle once > before chroot? Or, is it reread or polled for updates? Is the current > implementation the desired behavior? The documentation does not say what > is