[Bug 228210] 11.2-BETA1 - DNS resolution does not work with local_unbound; cannot ping with local_unbound disabled

bugzilla-noreply at freebsd.org
Mon May 21 02:11:39 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228210

--- Comment #3 from Patrick <doctorwhoguy at gmail.com> ---
I've been busy the past week, so it wasn't until the weekend that I could
follow up. I tried Dag-Erling's troubleshooting steps. Traceroute and drill
definitely showed some problems. So I did a bunch of Googling, reading, and
tinkering with my router and with config file settings. In the end, it turns
out that the problem was that OpenDNS, the nameservers I had been using, do not
support DNSSEC. Honestly I didn't realize that unbound was enabling DNSSEC by
default. I had been using it only for the DNS caching. But once I changed the
DNS nameservers being served by DHCP in my router to a nameserver that supports
DNSSEC (Quad9), everything started working fine.

So I feel a bit sheepish about opening this bug. But judging by the number of
forum posts and some mailing list questions I found from other people who
experienced this same problem, and the fact that the only solution anyone
offered was to disable DNSSEC (even if they didn't know that's what they were
doing), it may be that this should be better documented somewhere. Unbound is
advertised simply as a caching nameserver, so, like me, I suspect a lot of
people are enabling it for that purpose, unaware of its DNSSEC features, and
then they have no idea why DNS resolution isn't working.

In any case, thank you for your help.


More information about the freebsd-net mailing list
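
The failure described in the comment above comes down to whether the upstream forwarder returns RRSIG records when a query sets the EDNS0 DO bit, since a validating resolver has nothing to verify without them. An added example (not part of the bug report or of FreeBSD/unbound code) that builds such a query and checks a response's answer section for signatures; all function names are hypothetical, both sample responses are constructed, and the RRSIG rdata is placeholder bytes.

```python
import struct

TYPE_A, TYPE_RRSIG, TYPE_OPT = 1, 46, 41

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_do_query(name, qtype=TYPE_A, qid=0x1234):
    """Query with RD set plus an EDNS0 OPT record whose DO bit asks for DNSSEC records."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, class = UDP payload size, TTL field carries flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0x00008000, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += n + 1

def answer_types(msg):
    """RR types present in the answer section of a response."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return types

def returns_signatures(msg):
    """True if the upstream answered a DO query with RRSIGs a validator can check."""
    return TYPE_RRSIG in answer_types(msg)

def constructed_response(rrs):
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(rrs), 0, 0)
    q = encode_name("example.com") + struct.pack("!HH", TYPE_A, 1)
    return hdr + q + b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(rd)) + rd for t, rd in rrs)

# Constructed samples; the RRSIG rdata is placeholder bytes, not a real signature.
PLAIN = constructed_response([(TYPE_A, b"\xc0\x00\x02\x01")])
SIGNED = constructed_response([(TYPE_A, b"\xc0\x00\x02\x01"), (TYPE_RRSIG, b"\x00" * 24)])
```

Sending the output of `build_do_query()` over UDP port 53 to a forwarder and passing the reply to `returns_signatures()` applies the same check to a live resolver.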