[Unbound-users] support of 'server' statement

Rok Potočnik r at rula.net
Wed Jun 30 15:08:55 UTC 2010


On 25.6.2010 23:10, Olafur Gudmundsson wrote:
> Based on what was said here:
> http://brussels38.icann.org/bitcache/e758b09ba8002f798c8fad8f17601e9c8fe5f5ca?vid=13129&disposition=attachment&op=download
>
>
> We can expect godaddy to fix their servers soon thus you would not
> need this option :-)
>
> Olafur
>
>
> On 25/06/2010 10:24 AM, W.C.A. Wijngaards wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Rok,
>>
>> That feature would be blocked under creeping featurism and a desire to
>> keep unbound light and simple.
>>
>> Also, dig @ns01.domaincontrol.com. www.godaddy.com +dnssec +norec works
>> fine, and configuration is not necessary.
>>
>> Those servers do not include an EDNS OPT section in the answers, which
>> is not terribly important and unbound 'accepts lenient'.
>>
>> Best regards,
>> Wouter
>>
>> On 06/22/2010 11:18 AM, Rok Potočnik wrote:
>>> Will unbound ever support a 'server' statement as in bind's
>>>
>>> server 1.2.3.4 {
>>> edns no;
>>> };
>>>
>>> It seems (probably all) NSxx.DOMAINCONTROL.COM servers (godaddy) don't
>>> respond to dnssec queries so I'd like to override my recursive servers
>>> never to ask with EDNS.

It seems the problem isn't at godaddy but rather somewhere in between, 
as bind list users said a couple of times, some of them get the reply using

dig +dnssec @ns33.domaincontrol.com. replacementservices.com.

The only workaround for now seems to be

forward-zone:
         name: "replacementservices.com"
         forward-addr: 8.8.8.8
         forward-addr: 8.8.4.4
....

but doing this on our scale is quite a workout as the servers provide 
recursive replies for about 200k clients.


-- 
LP, Rok

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2261 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20100630/3597d1cd/attachment.bin>


More information about the Unbound-users mailing list