I have a system which has IPv4 connectivity only.
# This is rfc7706 config
# https://www.dns.icann.org/services/axfr/
auth-zone:
name: "."
for-downstream: no
for-upstream: yes
fallback-enabled: yes
zonefile: /var/lib/unbound/root.zone
master: lax.xfr.dns.icann.org.
master: iad.xfr.dns.icann.org.
Problem is there will not be zonexfer of zone. My guess is unbound only
tries ipv6 addresses of masters. When dns name is used,
I'd expect unbound to use both IPv4 and IPv6 addresses for axfr when
server name has both addresses.
Config works just fine on systems with IPv6 connectivity. In fact I
guess unbound shouldn't even try to use ipv6 for zonexfer when host
doesn't have global ipv6 address.
I tried this config too, and it doesn't work on v4 only system:
# This is rfc7706 config
# https://www.dns.icann.org/services/axfr/
auth-zone:
name: "."
for-downstream: no
for-upstream: yes
fallback-enabled: yes
zonefile: /var/lib/unbound/root.zone
#master: lax.xfr.dns.icann.org.
master: 192.0.32.132
master: 2620:0:2d0:202::132
#master: iad.xfr.dns.icann.org.
master: 192.0.47.132
master: 2620:0:2830:202::132
Only after I comment out ipv6 addresses zonexfer will happen.
unbound-1.9.1 is the version I run.
Sent debug log off the list. Verified that my testing system dig AXFR
works just fine so while I disabled v6 on testing system v4 works.