dig +trace works fine if you change your unbound.conf from: access-control: 127.0.0.0/8 allow
to access-control: 127.0.0.0/8 allow_snoop Adjust IP as needed :). -Dustin On Fri, Nov 5, 2010 at 8:17 AM, Zbynek Michl <[email protected]> wrote: > Hi, > > when I enable tracing in dig, I will get empty answer: > > $ dig +trace www.example.com > ; <<>> DiG 9.7.1-P2 <<>> +trace www.example.com > ;; global options: +cmd > ;; Received 12 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms > > It is because +trace disables RD flag, so first query and reply is: > > $ dig +norecurse . NS > ; <<>> DiG 9.7.1-P2 <<>> +norecurse . NS > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23919 > ;; flags: qr; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; Query time: 0 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri Nov 5 14:01:12 2010 > ;; MSG SIZE rcvd: 12 > > > When I use BIND instead of unbound, it replies ok. It is because BIND > answers its internal root-hints NS list when RD is not set. Should not > unbound behaves the same way? > > Thanks, > Zbynek > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
