Forward Zones and .local

Hi there

I have some .local domains I need unbound to pass off to internal Active Directory DNS servers. For example:

forward-zone:
    name: "allurian.local"
    forward-addr: 10.150.0.32
    forward-addr: 10.150.0.33

However, when I try to dig from my laptop, Unbound gives me a servfail.

; <<>> DiG 9.8.1 <<>> aaa01.allurian.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55546
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;aaa01.allurian.local. IN A

;; Query time: 3 msec
;; SERVER: 10.150.0.50#53(10.150.0.50)
;; WHEN: Wed Oct 12 12:57:48 2011
;; MSG SIZE rcvd: 38

Have I missed a config option somewhere?

Thanks

Ian

I fixed this by adding:

    domain-insecure: "Allurian.local"

to the config.

I appear to have another problem now:

Oct 12 14:20:28 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. A IN
Oct 12 14:20:28 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. AAAA IN
Oct 12 14:21:46 man01 unbound: [31813:1] info: validation failure test.dnssec-or-not.net. A IN

Is this a valid error? It seems strange that a site for testing dnssec doesn’t work!

If I test using http://dnssectest.sidn.nl/test.php I get a nice green tick..

Cheers

Ian

Seems you're not the only one having problems with that domain:

http://dnssec-debugger.verisignlabs.com/test.dnssec-or-not.net
http://dnsviz.net/d/test.dnssec-or-not.net/dnssec/?rr=all&doe=on
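
A lint check for the fix reported earlier in this thread, added here as an example and not code from the posters or the Unbound project: it lists forward or stub zones under a private suffix that no domain-insecure entry covers, which is the condition that produced the SERVFAIL above on a validating resolver. The function names, the private_suffixes default and the sample config (including the trust-anchor path) are assumptions constructed for illustration.

```python
import re

# Constructed sample, using the zone and forwarder addresses quoted in the thread.
SAMPLE = """
server:
    auto-trust-anchor-file: "/var/lib/unbound/root.key"  # placeholder path
forward-zone:
    name: "allurian.local"
    forward-addr: 10.150.0.32
    forward-addr: 10.150.0.33
"""
# Same config with the fix from the thread added to the server clause.
FIXED = SAMPLE.replace("server:", 'server:\n    domain-insecure: "Allurian.local"', 1)

def _norm(name):
    """Lower-case a domain name and drop quotes and the trailing dot."""
    return name.strip().strip("\"'").rstrip(".").lower()

def _covered(zone, insecure):
    """True if zone equals, or sits below, any domain-insecure entry ("" is the root)."""
    return any(not d or zone == d or zone.endswith("." + d) for d in insecure)

def unvalidatable_forwards(conf_text, private_suffixes=("local",)):
    """Return forward-/stub-zone names under a private suffix (assumed list)
    that no domain-insecure entry covers."""
    clause, zones, insecure = None, [], set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if not value:                                # "server:", "forward-zone:" open a clause
            clause = key
        elif key == "domain-insecure":
            insecure.add(_norm(value))
        elif key == "name" and clause in ("forward-zone", "stub-zone"):
            zones.append(_norm(value))
    private = [z for z in zones
               if any(z == s or z.endswith("." + s) for s in private_suffixes)]
    return [z for z in private if not _covered(z, insecure)]

if __name__ == "__main__":
    print("before fix:", unvalidatable_forwards(SAMPLE))
    print("after fix: ", unvalidatable_forwards(FIXED))
```

Matching is case-insensitive, so the "Allurian.local" entry covers the "allurian.local" zone and every name below it.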