Simon Kelley
2018-08-03 14:10:58 UTC
Actually, my previous reply was wrong, you'll need to use the config
server=/local.tld/<address of unbound server>
to make this work.
Cheers,
Simon.
As far as I can tell, the Pihole instructions for configuring Unbound
specify that the local TLD should be configured as not DNSSEC signed.
As far as dnsmasq is concerned, therefore, any answers in the local TLD
cannot be proven as valid, since they're unsigned, and it cannot be
proven that the local TLD is unsigned, since there's no trust path from
the root that proves that.
The BOGUS reply from dnsmasq is therefore quite correct.
The fix for this is to tell dnsmasq that the local TLD is NOT DNSSEC signed.
Something like
server=/local.tld/#
in the pihole dnsmasq config should do the trick.
(Note that when researching this answer, I found a couple of corner-case
bugs to do with this code, one of which is that the logging for that
server line doesn't include the information that DNSSEC is disabled for
that TLD. This shouldn't stop it working.)
Cheers,
Simon.
Good day Sir,
Mark, from Pi-hole, advised me to ask you about a possible DNSMasq
bug/issue through this channel.
https://github.com/pi-hole/FTL/issues/336
Thank you in advance for your time,
--
*Kind regards,*
Walter van 't Hoff
*Exclusive-IT*
t: +31 (0)6 2264 8629
w: Exclusive-IT.nl <https://exclusive-it.nl>
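Added example, not part of the thread and not dnsmasq's code: a simplified Python model of the validation outcome described in the messages above. The delegation table, the host name nas.local.tld and the address 192.0.2.53 are constructed, and the rule that only a server=/domain/<address> line marks a domain as unsigned follows the correction in the first message.

```python
from enum import Enum

class Status(Enum):
    SECURE = "secure"      # chain of trust from the root validates the answer
    INSECURE = "insecure"  # zone is known to be unsigned
    BOGUS = "bogus"        # neither of the above can be shown

# Constructed sample of what the signed public tree says about zone cuts:
# "ds" = signed delegation, "no-ds" = signed proof that no DS record exists.
# A private TLD has no entry, so nothing proves that it is unsigned.
DELEGATIONS = {"org": "ds", "example.org": "ds", "com": "ds", "unsigned.com": "no-ds"}

def suffixes(name):
    """Return the suffixes of name from the TLD down: a.b.c -> [c, b.c, a.b.c]."""
    labels = name.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]

def unsigned_domains(config_text):
    """Domains from server=/domain/<address> lines; '#' or empty targets are skipped."""
    found = set()
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("server=/"):
            continue
        *domains, target = line[len("server=/"):].split("/")
        if target not in ("", "#"):
            found.update(d.lower() for d in domains if d)
    return found

def classify(name, answer_signed, declared_unsigned):
    cuts = suffixes(name)
    if any(cut in declared_unsigned for cut in cuts):
        return Status.INSECURE      # operator told the validator: not signed
    for depth, cut in enumerate(cuts):
        proof = DELEGATIONS.get(cut)
        if proof == "no-ds":
            return Status.INSECURE  # signed proof that the chain ends here
        if proof is None and depth == 0:
            return Status.BOGUS     # no trust path proves the TLD is unsigned
    return Status.SECURE if answer_signed else Status.BOGUS

# Constructed configs; 192.0.2.53 stands in for the Unbound server's address.
BEFORE = "dnssec\nserver=192.0.2.53\nserver=/local.tld/#\n"
AFTER = "dnssec\nserver=192.0.2.53\nserver=/local.tld/192.0.2.53\n"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, classify("nas.local.tld", False, unsigned_domains(cfg)).value)
```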