clone 629290 -1 reassign -1 dnsmasq retitle -1 dnsmasq: not DNSSEC transparent severity -1 important thanks
Maik Zumstrull wrote: > On Wed, Jun 15, 2011 at 21:16, Robert Edmonds <edmo...@debian.org> wrote: > > > you're most likely running unbound in the default debian config which > > enables DNSSEC validation. if you comment out the > > "auto-trust-anchor-file" line in /etc/unbound/unbound.conf and restart > > unbound, does it start working with your dnsmasq server? > > Yes. For the record, with validation enabled: > > No forwarding: works > Forwarding to 8.8.8.8: fails > Forwarding to 4.2.2.1: works > Forwarding to dnsmasq which forwards to 8.8.8.8: fails > Forwarding to dnsmasq which forwards to 4.2.2.1: fails > > So, breakage at dnsmasq and 8.8.8.8, I think, the latter officially > being a known issue. so unbound forwarding to 4.2.2.1 works, but unbound forwarding to dnsmasq which forwards to 4.2.2.1 does not work. so dnsmasq is not fully transparent when forwarding between a validating forwarder and a validating recursive nameserver. -- Robert Edmonds edmo...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
