From owner-freebsd-questions@FreeBSD.ORG Tue Mar 25 13:33:09 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 68955F0 for ; Tue, 25 Mar 2014 13:33:09 +0000 (UTC) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 4B18EBE2 for ; Tue, 25 Mar 2014 13:33:08 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1WSRTY-0004QJ-Dg for freebsd-questions@freebsd.org; Tue, 25 Mar 2014 06:33:08 -0700 Date: Tue, 25 Mar 2014 06:33:08 -0700 (PDT) From: Beeblebrox To: freebsd-questions@freebsd.org Message-ID: <1395754388253-5897510.post@n5.nabble.com> In-Reply-To: <20140325103304.GA1621@aurora.oekb.co.at> References: <20140325103304.GA1621@aurora.oekb.co.at> Subject: Re: No DNS-resolution after going to "unbound" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 13:33:09 -0000 Hi. You have enabled DNSSEC with auto-trust-anchor-file: /var/unbound/root.key Did you run "#unbound-anchor" first in order to generate the key? Read: http://www.unbound.net/documentation/howto_anchor.html "You must obtain an initial trust anchor. The unbound-anchor tool provides an initial anchor from builtin values" You can also try and see if the problem goes away (for testing) when "auto-trust-anchor-file" is disabled. Also, I assume this holds your forward-zone info? include: /var/unbound/forward.conf Make sure the list in that file contains DNSSEC-enabled servers. If the list contains non-DNSSEC servers, it won't work. Alternatively, if you have setup (copy/paste) your "root.hints" file, you do noy need to specify any forward-zone at all. Run unbound & unbound-anchor with all forward zone settings disabled - root-hints will take care of it all with "default servers". ----- FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS -- View this message in context: http://freebsd.1045724.n5.nabble.com/No-DNS-resolution-after-going-to-unbound-tp5897465p5897510.html Sent from the freebsd-questions mailing list archive at Nabble.com.