Hi Adrian,
Unbound waits until the root has done. But you do not allow these
queries to be done.
You can stop unbound from querying the root NS by setting a forward zone
for the root (".") to somewhere.
Best regards, Wouter
On 28/02/17 06:16, Adrian Zhang via Unbound-users wrote:
> When I chec
Hey Wouter,
Thanks a lot for solution. I create "." forwarding settings in unbound.conf and
restart the Unbound service, unfortunately client still can not receive the
response from Unbound.
on client:
$ dig file.mine.intra @IP_OF_Unbound
Hi Adrian,
Looks like it could be SERVFAIL because of DNSSEC. Is intra not signed,
but you don't have domain-insecure: "intra" ? Or is there some other
DNSSEC failure? dig +cdflag, or get validation error from unbound logs.
Best regards, Wouter
On 28/02/17 10:46, Adrian Zhang via Unbound-user
Hey Wouter,
Thanks for further suggestion which is really help. intra is for sure not
signed and there is no domain-incure settings.
Run dig +cdflag on client can get correct answer.
Once I create domain-insecure setting in unbound.conf, it works!
Replay the full picture:
Windows Server v
[ Perhaps dnsviz should detect and report "glueless" delegations
of NS names if that's the issue. See below. ]
On Tue, Feb 28, 2017 at 10:33:18AM +0700, battossai wrote:
> Sorry, not fully understand your explaination.
> It means NS polri.go.id is has error configuration for its DNSec ?
> Why
