Greetings,

Is it a recommended solution to have a local domain marked insecure given the following setup?

server:
    # se is signed, as we know
    module-config: "validator iterator"
    # namn.se is our local domain name.
    private-domain: namn.se
    unblock-lan-zones: yes
    insecure-lan-zones: yes

stub-zone:
    name: namn.se
    # internal name servers
    stub-addr: 192.0.2.53
    stub-addr: 192.0.2.54

forward-zone:
    name: "."
    # these are also unbound, and they validate
    forward-addr: 192.0.2.47
    forward-addr: 192.0.2.11

The question is that _if_ the forward-addrs are unreachable
or unresponsive, a situation we've had, we have noticed
validation failures dependent on SE. for names in namn.SE.
Names which should have been completely found using the
stub-zone: directive. The log message is:
info: validation failure <some-host.namn.SE. A IN>: key for \
validation se. is marked as invalid because of a previous
This message originates on line 1964 in validator/validator.c
in "processInit()" and the comment is "key is bad, chain is bad,
reply is bogus" which sort of fits.
As is usual, I probably have talked myself into believing I've
found the issue but I hope someone is able to refute or affirm
my beliefs..
/Måns
--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668
Now I'm having INSIPID THOUGHTS about the beautiful, round wives of
HOLLYWOOD MOVIE MOGULS encased in PLEXIGLASS CARS and being approached
by SMALL BOYS selling FRUIT ...
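
An added example, not part of the original message and not Unbound project code: a small Python check that lists the stub/forward zones in an unbound.conf that have no `domain-insecure` entry at or above them, so they still depend on the parent's trust chain (here se.). It assumes every such zone is an unsigned internal zone under a signed parent; `POSTED_CONF` is the posted configuration re-typed as constructed input, and the function names are hypothetical.

```python
import re

# Constructed input: the resolver configuration quoted in the message above.
POSTED_CONF = """\
server:
    module-config: "validator iterator"
    private-domain: namn.se
    unblock-lan-zones: yes
    insecure-lan-zones: yes
stub-zone:
    name: namn.se
    stub-addr: 192.0.2.53
    stub-addr: 192.0.2.54
forward-zone:
    name: "."
    forward-addr: 192.0.2.47
    forward-addr: 192.0.2.11
"""

def parse(conf):
    """Return (clause, option, value) triples from unbound.conf text."""
    clause, out = None, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r'([\w-]+):\s*(.*)$', line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip().strip('"')
        if val == "":
            clause = key                              # "server:", "stub-zone:", ...
        else:
            out.append((clause, key, val))
    return out

def norm(name):
    return name.lower().rstrip(".")                   # "." (root) becomes ""

def zones_without_insecure(conf):
    """Non-root stub/forward zones not covered by any domain-insecure entry."""
    opts = parse(conf)
    insecure = [norm(v) for c, k, v in opts if c == "server" and k == "domain-insecure"]
    zones = [norm(v) for c, k, v in opts if c in ("stub-zone", "forward-zone") and k == "name"]
    # Assumption: each listed zone is unsigned, so it needs an explicit exemption.
    return [z for z in zones
            if z and not any(d == "" or z == d or z.endswith("." + d) for d in insecure)]

if __name__ == "__main__":
    print(zones_without_insecure(POSTED_CONF))
```
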
