unbound-checkconf is only called in certain cases by the init script.
You might be able to work around the issue by altering some of the
package settings. Maybe try setting RESOLVCONF=false in
/etc/default/unbound, if you don't need the resolvconf integration.
And thank you Robert for pointing me to that bug, it sure looks like it.
any idea about the caching issue?
I can’t understand from the docs if resgen.py responses are supposed to be cached or not. It would seem nice if it did to save the overhead of running the python script every time, but I can’t figure out how to make that happen.
fwiw domains that are resolved by the iterator are correctly cached as far as I can see from the logs. In case my DNSMessage matters here’s the bit where I create the response (I’m forcing nossl google searches):
if qdn == ‘www.google.com.’: #create instance of DNS message (packet) with given parameters
msg = DNSMessage(qdn, RR_TYPE_A, RR_CLASS_IN, PKT_QR | PKT_RA | PKT_AA) #append RR
if (qstate.qinfo.qtype == RR_TYPE_A) or (qstate.qinfo.qtype == RR_TYPE_ANY):
msg.answer.append(‘%s 3600 IN CNAME nosslsearch.google.com.’ % qdn)
msg.answer.append(‘nosslsearch.google.com. 86400 IN A 216.239.32.20’)
set_msg_and_cache(qstate, msg, id)
return True
else: #pass the query to validator
qstate.ext_state[id] = MODULE_WAIT_MODULE
return True
the script is otherwise resgen.py as per stock example: